Nicolas Viot

Name of the Vulnerable Software and Affected Versions: RSA EnVision versions 3.5.0 through 3.5.2 RSA EnVision version 3.7.0 Description: The issue allows remote attackers to obtain the administrator password hash, which can then be used to conduct brute force guessing attacks. This is due to improper restriction of access to user profile functionality. Recommendations: For RSA EnVision versions 3.5.0 through 3.5.2, restrict access to user profile functionality to prevent unauthorized access. For RSA EnVision version 3.7.0, restrict access to user profile functionality to prevent unauthorized access. As a temporary workaround, consider restricting access to the administrator account until a fix is available.