CVE-2014-5376

Sažetak

Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message.

Reference

http://packetstormsecurity.com/files/128485/Moab-Insecure-Message-Signing-Authentication-Bypass.html
http://www.adaptivecomputing.com/security-advisory/
http://www.securityfocus.com/archive/1/533577/100/0/threaded
http://www.securityfocus.com/bid/70171
https://exchange.xforce.ibmcloud.com/vulnerabilities/96700

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

09-10-2018 - 19:50

Objavljeno

08-10-2014 - 19:55