Remote Password Exposure in Huawei Unified Maintenance Audit
CVE-2016-7108

6.5MEDIUM

Key Information:

Vendor: Huawei
Status: Uma
Vendor: CVE Published:; 7 September 2016

Summary

The Huawei Unified Maintenance Audit (UMA) is vulnerable to a security flaw that permits remote authenticated users to obtain the MD5 hashes of arbitrary user passwords. This vulnerability exists in versions prior to V200R001C00SPC200 SPH206, exposing sensitive user password information through unspecified attack vectors. As a result, attackers could potentially exploit this flaw to gain unauthorized access to user accounts, leading to further security risks.

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/92619

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 7, 2016
Vulnerability Reserved
Aug 29, 2016