CVE-2015-0532

Sažetak

EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account.

Reference

http://packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-Reset.html
http://seclists.org/bugtraq/2015/Apr/204
http://www.securitytracker.com/id/1032218

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

01-04-2016 - 01:05

Objavljeno

01-05-2015 - 10:59