PT-2011-4186 · Red Hat · Red Hat Enterprise Mrg

Vincent Danen · Published 2011-09-19 · Updated 2021-07-15 · CVE-2011-2925

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Red Hat Enterprise Messaging, Realtime, and Grid (MRG) version 2.0

Description

The issue allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker. This is possible because broker authentication credentials are recorded in a log file.

Recommendations

For Red Hat Enterprise Messaging, Realtime, and Grid (MRG) version 2.0, consider restricting access to the log files that contain broker authentication credentials to minimize the risk of exploitation. Additionally, review and modify the logging configuration to prevent the recording of sensitive authentication credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2011-2925
RHSA-2011:1249
RHSA-2011:1250

Affected Products

Red Hat Enterprise Mrg