SecurityTracker.com
Category:   Application (Security)  >   RSA Access Manager
Vendors:   RSA
RSA Access Manager Plaintext Password Logging Lets Local Users View Passwords
SecurityTracker Alert ID:  1030182
SecurityTracker URL:  http://securitytracker.com/id/1030182
CVE Reference:   CVE-2014-0646
Date:  Apr 30 2014
Impact:   Disclosure of authentication information
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): Server version 6.1 SP 3, 6.1 SP 4, 6.2, 6.2 SP 1
Description:   A vulnerability was reported in RSA Access Manager. A local user can obtain passwords.

The system writes passwords in plaintext in the runtime WS component log files when the logging level is set to 'INFO'. A local user can view the passwords and gain full privileges on the target system.

Certain RSA Access Manager Server versions are affected.

RSA Access Manager Agent versions are not affected.

Impact:   A local user can obtain passwords.
Solution:   The vendor has issued a fix (HF 6.1.3.39, HF 6.1.4.22, HF 6.2.0.11, HF 6.2.1.03; Advisory ESA-2014-029).

The vendor recommends that customers change their passwords [after applying the hotfix].

Vendor URL:  www.rsa.com/
Cause:   Access control error
Underlying OS:  Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (Solaris - SunOS), Windows (2003), Windows (2008)

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC