PT-2012-3201 · Cisco · Cisco Waas
Publicado
2012-08-06
·
Atualizado
2012-08-07
·
CVE-2012-1348
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Wide Area Application Services (WAAS) appliances version 4.4
Cisco Wide Area Application Services (WAAS) appliances version 5.0
Cisco Wide Area Application Services (WAAS) appliances version 5.1
Description
The issue allows remote attackers to potentially obtain sensitive information via a brute-force attack on a one-way hash of a password included within output text.
Recommendations
For version 4.4, update to a version that does not include the vulnerable password hash output.
For version 5.0, update to a version that does not include the vulnerable password hash output.
For version 5.1, update to a version that does not include the vulnerable password hash output.
As a temporary workaround, consider restricting access to the output text that includes the password hash to minimize the risk of exploitation.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Waas