PT-2008-1070 · Open Group+1 · Tog-Pegasus+2
Jan Lieskovsky · Published 2008-11-25 · Updated 2017-09-29 · CVE-2008-4315
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
tog-pegasus version 2.7.0
tog-pegasus-devel version 2.7.0
Description
The issue concerns multiple vulnerabilities in the tog-pegasus package, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the tog-pegasus package in OpenGroup Pegasus 2.7.0 on certain operating systems does not log failed authentication attempts to the OpenPegasus CIM server, making it easier for remote attackers to avoid detection of password guessing attacks.
Recommendations
For tog-pegasus version 2.7.0, consider disabling the vulnerable authentication mechanism until a patch is available.
For tog-pegasus-devel version 2.7.0, restrict access to the OpenPegasus CIM server to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
OpenPegasus CIM Server
Red Hat
Tog-Pegasus