VDB-10526 · SA71 · OSVDB 97866

Blue Coat Reporter 9.3.3.1 LDAP Password Disconnected Admin weak encryption


A vulnerability has been found in Blue Coat Reporter 9.3.3.1 (Reporting Software) and classified as critical. It affects an unknown function of the LDAP Password Handler component. Upgrading to version 9.4 eliminates this vulnerability. Applying a patch also eliminates the problem. The patch can be downloaded from bto.bluecoat.com. The effect of the problem can be mitigated by using the Enable HTTPS setting. The best suggested way to mitigate the problem is to upgrade to the latest version. A possible solution was published immediately after the vulnerability was disclosed.

| Field | 2013-10-02 17:32 | 2019-03-24 16:06 |
|---|---|---|
| vendor | Blue Coat | Blue Coat |
| name | Reporter | Reporter |
| version | 9.3.3.1 | 9.3.3.1 |
| component | LDAP Password Handler | LDAP Password Handler |
| input_type | Disconnected Admin | Disconnected Admin |
| risk | 1 | 1 |
| historic | 0 | 0 |
| cvss2_vuldb_basescore | 8.3 | 8.3 |
| cvss2_vuldb_tempscore | 6.5 | 6.5 |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | C | C |
| cvss2_vuldb_ii | C | C |
| cvss2_vuldb_ai | C | C |
| cvss3_meta_basescore | 8.8 | 8.8 |
| cvss3_meta_tempscore | 7.9 | 7.9 |
| cvss3_vuldb_basescore | 8.8 | 8.8 |
| cvss3_vuldb_tempscore | 7.9 | 7.9 |
| advisoryquote | Disconnected login is also enabled by default in 9.x releases. Disconnected login stores the password used by the Administrator locally with minimal obfuscation. An attacker who is able to de-obfuscate the password will thereby be able to log in to Reporter as the Administrator and will be able to log in to the configured LDAP directory. | Disconnected login is also enabled by default in 9.x releases. Disconnected login stores the password used by the Administrator locally with minimal obfuscation. An attacker who is able to de-obfuscate the password will thereby be able to log in to Reporter as the Administrator and will be able to log in to the configured LDAP directory. |
| date | 1355270400 (2012-12-12) | 1355270400 (2012-12-12) |
| location | Website | Website |
| type | Advisory | Advisory |
| url | https://kb.bluecoat.com/index?page=content&id=SA71 | https://kb.bluecoat.com/index?page=content&id=SA71 |
| identifier | SA71 | SA71 |
| disputed | 0 | 0 |
| availability | 1 | 1 |
| date | 1355270400 (2012-12-12) | 1355270400 (2012-12-12) |
| publicity | 1 | 1 |
| price_0day | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade |
| date | 1355270400 (2012-12-12) | 1355270400 (2012-12-12) |
| upgrade_version | 9.4 | 9.4 |
| patch_url | https://bto.bluecoat.com/download/product/8793 | https://bto.bluecoat.com/download/product/8793 |
| config_setting | Enable HTTPS | Enable HTTPS |
| osvdb | 97866 | 97866 |
| seealso | 10527 | 10527 |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_rc | C | C |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | H | H |
| cvss3_vuldb_i | H | H |
| cvss3_vuldb_a | H | H |

type: Reporting Software
cwe: 0312 (weak encryption)
