Remote Password Disclosure in RSA EnVision by RSA Security
CVE-2008-6886

Currently unrated

Key Information:

Vendor: Rsa
Status: Envision
Vendor: CVE Published:; 3 August 2009

What is CVE-2008-6886?

RSA EnVision versions 3.5.0, 3.5.1, 3.5.2, and 3.7.0 have a flaw that improperly restricts access to specific user profile functionalities. This vulnerability can be exploited by remote attackers who are able to obtain the administrator password hash, thus enabling them to launch brute force guessing attacks. Organizations utilizing these versions must take immediate action to secure their systems against unauthorized access and potential data breaches.

References

http://marc.info/?l=bugtraq&m=122765140110581&w=2

mailing-listx_refsource_BUGTRAQ

http://www.secfault.org/?p=78

x_refsource_MISC

http://www.osvdb.org/50273

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2009
Vulnerability Reserved
Aug 3, 2009

Rsa

What is CVE-2008-6886?

References

Timeline