[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    RSA EnVision Remote Password Disclosure
From:       nicolas.viot () intrinsec ! com
Date:       2008-11-25 21:54:03
Message-ID: 20081125215403.2183.qmail () securityfocus ! com
[Download RAW message or body]



I Reference

Title: RSA EnVision Remote Password Disclosure
URL: http://www.secfault.org/?p=78

II. BACKGROUND

RSA EnVision, a product of RSA Security, is a platform allowing gathering and \
analysis of security events and logs.

RSA Security is a subsdiary company of EMC Corporation.

III. DESCRIPTION

The RSA EnVision platform provides a web console which enables administration of the \
solution and  analysis of security events.

A vulnerability exists in this web application, allowing a remote anonymous attacker \
to retrieve the hash of the password used for authentication.

Using a dictionnary or a bruteforce attack against this hash, a remote attacker can \
gain administration privilege on the EnVision web console.

This vulnerability is due to a lack of access control on the user profile \
functionnality.

Step to reproduce:

The step to reproduce the vulnerability will be disclosure Novembre 28 2008.

IV. IMPACT

Successful exploitation allows remote attackers to gain access to hash of password \
used to authenticate users of the web console.

Using a dictionnary or a bruteforce attack against the retrieved hash, a remote \
attacker can gain administration privilege on the EnVision web console.

V. PRODUCT AFFECTED

The vulnerability was sucessfully exploited on enVision v3.7.0 Build: 0169.

EMC has reported the following versions to be affected:

RSA EnVision 3.5.0, 3.5.1, 3.5.2 and 3.7.0

VI. REMEDIATION

Apply the vendor patch corresponding to your version of RSA EnVision:
https://knowledge.rsasecurity.com/


VII. DISCLOSURE TIMELINE
10/30/2008 Initial vendor notification
10/31/2008 Initial vendor response
11/21/2008 Patch release and coordinated public advisory disclosure
11/28/2008 Detailed vulnerability information disclosure

VIII. VENDOR REFERENCE

EMC Security Alert (ESA) identifier : ESA-08-017

IX. CREDIT

This vulnerability was discovered by Nicolas Viot <nicolas.viot@intrinsec.com>
Intrinsec is a french company specialized in business continuity and security : \
http://www.intrinsec.com


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic