Vulnerabilities > CVE-2013-4218 - Cryptographic Issues vulnerability in Intel Wimax Network Service 1.5.0/1.5.2
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses the same RSA private key in supplicant_key.pem on all systems, which allows local users to obtain sensitive information via unspecified decryption operations.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Seebug
bulletinFamily | exploit |
description | CVE ID:CVE-2013-4218 JBOSS是一个基于J2EE的开放源代码的应用服务器 通过remote-naming把已验证连接缓存在服务器上时存在一个漏洞,在用户成功登录后,远程攻击者可使用remoting客户端需要密码以该用户身份登录,允许以该用户上下文执行任意操作或访问数据 0 JBoss Enterprise Application Platform 6.1.0 厂商解决方案 用户可参考如下厂商提供的安全公告获得补丁信息: http://rhn.redhat.com/errata/RHSA-2013-1151.html http://rhn.redhat.com/errata/RHSA-2013-1152.html |
id | SSV:60975 |
last seen | 2017-11-19 |
modified | 2013-08-27 |
published | 2013-08-27 |
reporter | Root |
title | JBoss Enterprise Application Platform Remote-Naming连接处理验证绕过漏洞 |