EMC Documentum D2 Password File Flaw Lets Remote Authenticated Users Access the Target System : 8/21/2015 6:57:51 AM
Communicate with co-workers in real time. Used by Netflix, Dropbox & Salesforce. $0/unlimited users. Get started >> From our sponsors |
| Vulnerability Databse |
| This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text. |
EMC Documentum D2 Password File Flaw Lets Remote Authenticated Users Access the Target System
8/21/2015 12:00:00 AM
| EMC Documentum D2 Password File Flaw Lets Remote Authenticated Users Access the Target System |
| SecurityTracker Alert ID: 1033345 |
| SecurityTracker URL: http://securitytracker.com/id/1033345 |
| CVE Reference: CVE-2015-4537 (Links to External Site) |
| Date: Aug 21 2015 |
| Impact: User access via network |
| Fix Available: Yes Vendor Confirmed: Yes |
| Version(s): 4.2 and prior |
| Description: A vulnerability was reported in EMC Documentum D2. A remote authenticated user can gain access to the target system. A remote authenticated user can remove the 'D2.Lockbox' file from the target system to cause Documentum D2 to use a common hard-coded passphrase to encrypt admin tickets. The passphrase is contained in Documentum D2 jar files. The user can use the passphrase to obtain admin tickets. |
| Impact: A remote authenticated user can obtain admin tickets and gain access to the target system. |
| Solution: The vendor has issued a fix (4.5). |
| Vendor URL: www.emc.com/ (Links to External Site) |
| Cause: Authentication error |
| Underlying OS: Windows (2003) |
| |
| Message History: None. |
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
Diberdayakan oleh Blogger.