PT-2016-4728 · Cisco · Cisco Firesight System
Publicado
2016-03-03
·
Atualizado
2016-12-03
·
CVE-2016-1356
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco FireSIGHT System Software version 6.1.0
Description
The issue allows remote attackers to enumerate valid usernames by measuring timing differences due to the lack of a constant-time algorithm for verifying credentials.
Recommendations
For Cisco FireSIGHT System Software version 6.1.0, consider implementing a constant-time algorithm for credential verification to prevent timing attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Cisco Firesight System