PT-2019-1175 · Juniper Networks · Juniper Advanced Threat Prevention

Publicado

2019-01-09

Atualizado

2021-11-23

CVE-2019-0030

CVSS v3.1

7.2

Alta

Vetor

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Juniper Advanced Threat Prevention versions prior to 5.0.3

Description The issue is related to the use of the DES algorithm and a hardcoded salt for password hashing in Juniper Advanced Threat Prevention. This allows for trivial de-hashing of the password file contents, potentially enabling an attacker to access protected information.

Recommendations For versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the password file contents until a patch is applied.

Correção

Information Disclosure

Use of a Broken Cryptographic Algorithm

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-916CWE-200CWE-327

Identificadores relacionados

BDU:2019-00242

CVE-2019-0030

Produtos afetados

Juniper Advanced Threat Prevention

PT-2019-1175 · Juniper Networks · Juniper Advanced Threat Prevention

CVE-2019-0030

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8