Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

RSA EnVision Remote Password Disclosure
From: nicolas.viot () intrinsec com
Date: 25 Nov 2008 21:54:03 -0000


I Reference

Title: RSA EnVision Remote Password Disclosure
URL: http://www.secfault.org/?p=78

II. BACKGROUND

RSA EnVision, a product of RSA Security, is a platform allowing gathering and analysis of security events and logs.

RSA Security is a subsdiary company of EMC Corporation.

III. DESCRIPTION

The RSA EnVision platform provides a web console which enables administration of the solution and  analysis of security 
events.

A vulnerability exists in this web application, allowing a remote anonymous attacker to retrieve the hash of the 
password used for authentication.

Using a dictionnary or a bruteforce attack against this hash, a remote attacker can gain administration privilege on 
the EnVision web console.

This vulnerability is due to a lack of access control on the user profile functionnality.

Step to reproduce:

The step to reproduce the vulnerability will be disclosure Novembre 28 2008.

IV. IMPACT

Successful exploitation allows remote attackers to gain access to hash of password used to authenticate users of the 
web console.

Using a dictionnary or a bruteforce attack against the retrieved hash, a remote attacker can gain administration 
privilege on the EnVision web console.

V. PRODUCT AFFECTED

The vulnerability was sucessfully exploited on enVision v3.7.0 Build: 0169.

EMC has reported the following versions to be affected:

RSA EnVision 3.5.0, 3.5.1, 3.5.2 and 3.7.0

VI. REMEDIATION

Apply the vendor patch corresponding to your version of RSA EnVision:
https://knowledge.rsasecurity.com/


VII. DISCLOSURE TIMELINE
10/30/2008 Initial vendor notification
10/31/2008 Initial vendor response
11/21/2008 Patch release and coordinated public advisory disclosure
11/28/2008 Detailed vulnerability information disclosure

VIII. VENDOR REFERENCE

EMC Security Alert (ESA) identifier : ESA-08-017

IX. CREDIT

This vulnerability was discovered by Nicolas Viot <nicolas.viot () intrinsec com>
Intrinsec is a french company specialized in business continuity and security : http://www.intrinsec.com

  By Date           By Thread  

Current thread:
  • RSA EnVision Remote Password Disclosure nicolas . viot (Nov 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]