CVE-2008-2139

Name of the Vulnerable Software and Affected Versions rPath Appliance Platform Agent versions 2 and 3

Description The issue allows physically proximate attackers to gain privileges and maintain control over the administrator account by exploiting a flaw in the rootpw plugin. This plugin does not re-validate requests from a browser with a valid administrator session, including requests to change the password.

Recommendations For rPath Appliance Platform Agent versions 2 and 3, consider implementing additional validation for requests from browsers with valid administrator sessions to prevent unauthorized password changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.