EMC Documentum D2 Password File Flaw Lets Remote Authenticated Users Access the Target System : 8/21/2015 6:57:51 AM

Communicate with co-workers in real time. Used by Netflix, Dropbox & Salesforce. $0/unlimited users. Get started >>
From our sponsors
 

 

Vulnerability Databse
This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text.

EMC Documentum D2 Password File Flaw Lets Remote Authenticated Users Access the Target System
8/21/2015 12:00:00 AM

EMC Documentum D2 Password File Flaw Lets Remote Authenticated Users Access the Target System
SecurityTracker Alert ID:  1033345
SecurityTracker URL:  http://securitytracker.com/id/1033345
CVE Reference:   CVE-2015-4537   (Links to External Site)
Date:  Aug 21 2015
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.2 and prior
Description:   A vulnerability was reported in EMC Documentum D2. A remote authenticated user can gain access to the target system.

A remote authenticated user can remove the 'D2.Lockbox' file from the target system to cause Documentum D2 to use a common hard-coded passphrase to encrypt admin tickets. The passphrase is contained in Documentum D2 jar files. The user can use the passphrase to obtain admin tickets.

Impact:   A remote authenticated user can obtain admin tickets and gain access to the target system.
Solution:   The vendor has issued a fix (4.5).
Vendor URL:  www.emc.com/ (Links to External Site)
Cause:   Authentication error
Underlying OS:   Windows (2003)

Message History:   None.

 

You are receiving this email because you subscribed to this feed at feedmyinbox.com

If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions

Diberdayakan oleh Blogger.