CVE-2012-4587

Name of the Vulnerable Software and Affected Versions McAfee Enterprise Mobility Manager (EMM) Agent versions prior to 4.8 McAfee Enterprise Mobility Manager (EMM) Server versions prior to 10.1

Description The issue is related to an improper dependency on DNS SRV records when one-time provisioning (OTP) mode is enabled. This makes it easier for remote attackers to discover user passwords by spoofing the EMM server. For example, a password entered on an iOS device can be compromised.

Recommendations For McAfee Enterprise Mobility Manager (EMM) Agent versions prior to 4.8, update to version 4.8 or later to resolve the issue. For McAfee Enterprise Mobility Manager (EMM) Server versions prior to 10.1, update to version 10.1 or later to resolve the issue. As a temporary workaround, consider disabling the one-time provisioning (OTP) mode until a patch is available.