Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Device (Embedded Server/Appliance)  >   McAfee Enterprise Security Manager (NitroView ESM) Vendors:   McAfee, NitroSecurity
McAfee Enterprise Security Manager Lets Remote Users Bypass Authentication on the Target System
SecurityTracker Alert ID:  1034288
SecurityTracker URL:
CVE Reference:   CVE-2015-8024   (Links to External Site)
Date:  Dec 3 2015
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.5.0MR7, 9.4.2MR8, 9.3.2MR18; and prior versions
Description:   A vulnerability was reported in McAfee Enterprise Security Manager. A remote user can bypass authentication.

A remote user can supply a specially crafted username to bypass authentication to gain NGCP (master user) access on the target system.

Systems configured to use Active Directory or LDAP authentication sources are affected.

The vendor was notified on October 13, 2015.

The original advisory is available at:

Claudio Cinquino from Quantum Leap SRL reported this vulnerability.

Impact:   A remote user can bypass authentication on the target system.
Solution:   The vendor has issued a fix (9.4.2MR9, 9.5.0MR8) [in October 2015].

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Authentication error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC