Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.6
CVE Id: CVE-2014-0643
Last Modified: 16 May 2014 10:25:32
Published: 16 May 2014 07:11:59
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2014-0643

Summary

EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.

Vulnerable Systems

Application

  • EMC RSA NetWitness 9.8.5.17

  • EMC RSA Security Analytics 10.0

  • EMC RSA Security Analytics 10.1

  • EMC RSA Security Analytics 10.2

  • EMC RSA Security Analytics 10.2.3

  • EMC RSA Security Analytics 10.3

  • EMC RSA Security Analytics 10.3.1


References

BUGTRAQ - 20140512 ESA-2014-027: RSA NetWitness and RSA Security Analytics Authentication Bypass Vulnerability


Last Updated: 27 May 2016 11:05:18