PT-2009-2355 · Rsa · Rsa Envision

Nicolas Viot

Published

2009-08-03

Updated

2017-08-17

CVE-2008-6886

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: RSA EnVision versions 3.5.0 through 3.5.2 RSA EnVision version 3.7.0

Description: The issue allows remote attackers to obtain the administrator password hash, which can then be used to conduct brute force guessing attacks. This is due to improper restriction of access to user profile functionality.

Recommendations: For RSA EnVision versions 3.5.0 through 3.5.2, restrict access to user profile functionality to prevent unauthorized access. For RSA EnVision version 3.7.0, restrict access to user profile functionality to prevent unauthorized access. As a temporary workaround, consider restricting access to the administrator account until a fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2008-6886

Affected Products

Rsa Envision

PT-2009-2355 · Rsa · Rsa Envision

CVE-2008-6886

Weakness Enumeration

Related Identifiers

Affected Products

References · 8