Vulnerabilities > CVE-2012-4588 - Credentials Management vulnerability in Mcafee products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

mcafee

CWE-255

NVD

Published: 2012-08-22

Updated: 2012-08-22

Summary

McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames.

Vulnerable Configurations

Part	Description	Count
Application	Mcafee Mcafee Enterprise Mobility Manager * Mcafee Enterprise Mobility Manager Agent *	2

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://kc.mcafee.com/corporate/index?page=content&id=SB10021