PT-2011-4186 · Red Hat · Red Hat Enterprise Mrg

Vincent Danen · Published 2011-09-19 · Updated 2021-07-15 · CVE-2011-2925

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Red Hat Enterprise Messaging, Realtime, and Grid (MRG) version 2.0

Description

The issue allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker. This is possible because broker authentication credentials are recorded in a log file.

Recommendations

For Red Hat Enterprise Messaging, Realtime, and Grid (MRG) version 2.0, consider restricting access to the log files that contain broker authentication credentials to minimize the risk of exploitation. Additionally, review and modify the logging configuration to prevent the recording of sensitive authentication credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2011-2925
RHSA-2011:1249
RHSA-2011:1250

Affected Products

Red Hat Enterprise Mrg