RSA EnVision Remote Password Disclosure

2008-11-26 / 2008-11-27
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

I. REFERENCE

Title: RSA EnVision Remote Password Disclosure
URL: http://www.secfault.org/?p=78

II. BACKGROUND

RSA EnVision, a product of RSA Security, is a platform for gathering and analyzing security events and logs. RSA Security is a subsidiary of EMC Corporation.

III. DESCRIPTION

The RSA EnVision platform provides a web console for administering the solution and analyzing security events. A vulnerability in this web application allows a remote anonymous attacker to retrieve the hash of the password used for authentication. Using a dictionary or brute-force attack against this hash, a remote attacker can gain administration privileges on the EnVision web console.

This vulnerability is due to a lack of access control on the user profile functionality.

Steps to reproduce:
The steps to reproduce the vulnerability will be disclosed on November 28, 2008.

IV. IMPACT

Successful exploitation allows remote attackers to gain access to the hash of the password used to authenticate users of the web console. Using a dictionary or brute-force attack against the retrieved hash, a remote attacker can gain administration privileges on the EnVision web console.

V. PRODUCT AFFECTED

The vulnerability was successfully exploited on enVision v3.7.0 Build: 0169.
EMC has reported the following versions to be affected: RSA EnVision 3.5.0, 3.5.1, 3.5.2 and 3.7.0

VI. REMEDIATION

Apply the vendor patch corresponding to your version of RSA EnVision:
https://knowledge.rsasecurity.com/

VII. DISCLOSURE TIMELINE

10/30/2008 Initial vendor notification
10/31/2008 Initial vendor response
11/21/2008 Patch release and coordinated public advisory disclosure
11/28/2008 Detailed vulnerability information disclosure

VIII. VENDOR REFERENCE

EMC Security Alert (ESA) identifier: ESA-08-017

IX. CREDIT

This vulnerability was discovered by Nicolas Viot <nicolas.viot_at_intrinsec.com>
Intrinsec is a French company specialized in business continuity and security: http://www.intrinsec.com

References:

http://www.vupen.com/english/advisories/2008/3288
http://www.secfault.org/?p=78
http://marc.info/?l=bugtraq&m=122765140110581&w=2
http://xforce.iss.net/xforce/xfdb/46884
http://www.securityfocus.com/bid/32473
http://www.osvdb.org/50273
http://secunia.com/advisories/32883

