CVE-2012-5930

Name of the Vulnerable Software and Affected Versions NetIQ Privileged User Manager versions 2.3.x through 2.3.1 before HF2

Description The issue concerns the pa modify accounts function in auth.dll within unifid.exe, which does not require authentication for the modifyAccounts method. This allows remote attackers to change administrative account passwords by sending a crafted application/x-amf request.

Recommendations For versions 2.3.x through 2.3.1 before HF2, update to version 2.3.1 HF2 to resolve the issue. As a temporary workaround, consider restricting access to the modifyAccounts method until the update is applied.