CVE-2013-4091 - Credentials Management vulnerability in Imperva SecureSphere 9.0.0.5
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not set the autocomplete attribute to off for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities. CVE-2013-4091,CVE-2013-4092,CVE-2013-4093,CVE-2013-4094,CVE-2013-4095. Webapps ex... |
id | EDB-ID:25977 |
last seen | 2016-02-03 |
modified | 2013-06-05 |
published | 2013-06-05 |
reporter | Pedro Andujar |
source | https://www.exploit-db.com/download/25977/ |
title | Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities |
References
- http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html
- http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt