I. REFERENCE



Title: RSA EnVision Remote Password Disclosure

URL: http://www.secfault.org/?p=78



II. BACKGROUND



RSA EnVision, a product of RSA Security, is a platform allowing gathering and 
analysis of security events and logs.



RSA Security is a subsidiary of EMC Corporation.



III. DESCRIPTION



The RSA EnVision platform provides a web console which enables administration 
of the solution and analysis of security events.



A vulnerability exists in this web application, allowing a remote anonymous 
attacker to retrieve the hash of the password used for authentication.



Using a dictionary or a brute-force attack against this hash, a remote attacker 
can gain administrative privileges on the EnVision web console.



This vulnerability is due to a lack of access control on the user profile 
functionality: the profile data, including the password hash, is served without 
verifying that the requester is authenticated.
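To illustrate the bug class named above (a profile handler with no authorization check that serializes the stored password hash), here is a small Python model. This is an added example, not code from RSA enVision or from the advisory author: the handler names, the user store, the session table and the unsalted SHA-1 hash format are all hypothetical placeholders chosen for illustration; the advisory does not state how enVision stores its hashes.

```python
"""Model of a missing-access-control bug on a user profile endpoint.

Hypothetical reconstruction for illustration only; not RSA enVision code.
The vulnerable handler returns the full user record, password hash included,
to anyone who names a user. The fixed handler requires a valid session,
restricts reads to the caller's own profile (or any profile for an
administrator) and never serializes the hash at all.
"""
import hashlib
import hmac
import secrets

# Constructed sample user store (hypothetical; unsalted SHA-1 is an assumption).
USERS = {
    "admin": {"role": "administrator",
              "pw_hash": hashlib.sha1(b"Password1").hexdigest()},
    "analyst": {"role": "analyst",
                "pw_hash": hashlib.sha1(b"Welcome1").hexdigest()},
}

# Constructed session table: token -> username (hypothetical).
SESSIONS = {}


def login(username, password):
    """Issue a session token if the password matches the stored hash."""
    user = USERS.get(username)
    if user is None:
        return None
    candidate = hashlib.sha1(password.encode()).hexdigest()
    # Constant-time comparison so the check itself leaks nothing.
    if not hmac.compare_digest(candidate, user["pw_hash"]):
        return None
    token = secrets.token_hex(16)
    SESSIONS[token] = username
    return token


def profile_vulnerable(request):
    """Vulnerable: no session check, and the hash is returned verbatim."""
    user = USERS.get(request.get("username"))
    if user is None:
        return 404, {}
    return 200, dict(user)


def profile_fixed(request):
    """Hardened: authenticate, authorize, and strip the secret field."""
    caller = SESSIONS.get(request.get("session"))
    if caller is None:
        return 401, {}                       # anonymous callers get nothing
    target = request.get("username", caller)
    if target != caller and USERS[caller]["role"] != "administrator":
        return 403, {}                       # non-admins see only themselves
    user = USERS.get(target)
    if user is None:
        return 404, {}
    # The hash is never part of the response, whoever asks.
    return 200, {k: v for k, v in user.items() if k != "pw_hash"}
```

The two checks in `profile_fixed` are independent fixes: even a correctly authorized profile view should not carry the hash, so removing the field is the defence that survives the next authorization bug.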



Steps to reproduce:



The steps to reproduce the vulnerability will be disclosed on November 28, 2008.



IV. IMPACT



Successful exploitation allows remote attackers to obtain the hash of the 
password used to authenticate users of the web console.



Using a dictionary or a brute-force attack against the retrieved hash, a remote 
attacker can gain administrative privileges on the EnVision web console.
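The offline attack described in this section, as an added example that is not part of the original advisory: a dictionary attack with simple mangling rules run against a retrieved hash. The advisory does not name the hash algorithm enVision uses, so this example assumes an unsalted hex SHA-1; the wordlist is constructed for the demonstration.

```python
"""Offline dictionary attack against a disclosed password hash.

Added illustration, not code from the advisory. Assumption: the hash is an
unsalted hex SHA-1 (the advisory does not state the real algorithm). Because
the attack is offline, no login rate limit on the console slows it down.
"""
import hashlib
from itertools import product

# Constructed wordlist for the demonstration (hypothetical).
WORDLIST = ["admin", "envision", "password", "welcome", "rsa"]


def sha1_hex(password: str) -> str:
    """Hash a candidate the way the target is assumed to be hashed."""
    return hashlib.sha1(password.encode()).hexdigest()


def case_variants(word):
    """Ordered, de-duplicated case variants of one wordlist entry."""
    seen = []
    for v in (word, word.lower(), word.capitalize(), word.upper()):
        if v not in seen:
            seen.append(v)
    return seen


def candidates(base_words):
    """Yield each case variant bare, then with one or two digits appended."""
    for word in base_words:
        for variant in case_variants(word):
            yield variant
            for n in (1, 2):
                for digits in product("0123456789", repeat=n):
                    yield variant + "".join(digits)


def crack(target_hash, base_words, limit=None):
    """Return (password, candidates_tried); password is None on failure."""
    tried = 0
    for cand in candidates(base_words):
        tried += 1
        if sha1_hex(cand) == target_hash:
            return cand, tried
        if limit is not None and tried >= limit:
            break
    return None, tried


if __name__ == "__main__":
    leaked = sha1_hex("Password1")   # stands in for the disclosed hash
    print(crack(leaked, WORDLIST))
```

A weak password falls within a few thousand guesses; a long random one does not, and a salted, deliberately slow hash would multiply the cost of every guess. Neither of those is a substitute for the vendor patch, because the disclosure itself is the defect, but they bound what an attacker gets from it.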



V. PRODUCT AFFECTED



The vulnerability was successfully exploited on enVision v3.7.0 Build: 0169.



EMC has reported the following versions to be affected:



RSA EnVision 3.5.0, 3.5.1, 3.5.2 and 3.7.0



VI. REMEDIATION



Apply the vendor patch corresponding to your version of RSA EnVision:

https://knowledge.rsasecurity.com/





VII. DISCLOSURE TIMELINE

10/30/2008 Initial vendor notification

10/31/2008 Initial vendor response

11/21/2008 Patch release and coordinated public advisory disclosure

11/28/2008 Detailed vulnerability information disclosure



VIII. VENDOR REFERENCE



EMC Security Alert (ESA) identifier : ESA-08-017



IX. CREDIT



This vulnerability was discovered by Nicolas Viot <[EMAIL PROTECTED]>

Intrinsec is a French company specializing in business continuity and security: 
http://www.intrinsec.com

