[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: RSA EnVision Remote Password Disclosure
From: nicolas.viot () intrinsec ! com
Date: 2008-11-25 21:54:03
Message-ID: 20081125215403.2183.qmail () securityfocus ! com
[Download RAW message or body]
I Reference
Title: RSA EnVision Remote Password Disclosure
URL: http://www.secfault.org/?p=78
II. BACKGROUND
RSA EnVision, a product of RSA Security, is a platform allowing gathering and \
analysis of security events and logs.
RSA Security is a subsdiary company of EMC Corporation.
III. DESCRIPTION
The RSA EnVision platform provides a web console which enables administration of the \
solution and analysis of security events.
A vulnerability exists in this web application, allowing a remote anonymous attacker \
to retrieve the hash of the password used for authentication.
Using a dictionnary or a bruteforce attack against this hash, a remote attacker can \
gain administration privilege on the EnVision web console.
This vulnerability is due to a lack of access control on the user profile \
functionnality.
Step to reproduce:
The step to reproduce the vulnerability will be disclosure Novembre 28 2008.
IV. IMPACT
Successful exploitation allows remote attackers to gain access to hash of password \
used to authenticate users of the web console.
Using a dictionnary or a bruteforce attack against the retrieved hash, a remote \
attacker can gain administration privilege on the EnVision web console.
V. PRODUCT AFFECTED
The vulnerability was sucessfully exploited on enVision v3.7.0 Build: 0169.
EMC has reported the following versions to be affected:
RSA EnVision 3.5.0, 3.5.1, 3.5.2 and 3.7.0
VI. REMEDIATION
Apply the vendor patch corresponding to your version of RSA EnVision:
https://knowledge.rsasecurity.com/
VII. DISCLOSURE TIMELINE
10/30/2008 Initial vendor notification
10/31/2008 Initial vendor response
11/21/2008 Patch release and coordinated public advisory disclosure
11/28/2008 Detailed vulnerability information disclosure
VIII. VENDOR REFERENCE
EMC Security Alert (ESA) identifier : ESA-08-017
IX. CREDIT
This vulnerability was discovered by Nicolas Viot <nicolas.viot@intrinsec.com>
Intrinsec is a french company specialized in business continuity and security : \
http://www.intrinsec.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic