CVE-2010-4506

Name of the Vulnerable Software and Affected Versions Passlogix v-GO Self-Service Password Reset (SSPR) and OEM versions prior to 7.0A

Description The issue allows physically proximate attackers to execute arbitrary programs without authentication. This can be achieved by triggering the use of an invalid SSL certificate and utilizing the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog, which is reachable from the "Certificate Export" wizard.

Recommendations For versions prior to 7.0A, update to version 7.0A or later to resolve the issue.