Vulnerabilities > CVE-2019-3711

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
rsa
emc
nessus

Summary

RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.

Nessus

NASL familyCGI abuses
NASL idEMC_RSA_AM_8_4_P1.NASL
descriptionThe version of EMC RSA Authentication Manager running on the remote host is prior to 8.4 Patch 1. It is, therefore, affected by an insecure credential management vulnerability in the operations console components. An authenticated, remote attacker with administrator privileges can exploit this, to obtain the value of a domain password that another operations console administrator had set previously.
last seen2020-04-04
modified2019-03-08
plugin id122717
published2019-03-08
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/122717
titleEMC RSA Authentication Manager < 8.4 P1 Insecure Credential Management (DSA-2019-038)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(122717);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/03");

  script_cve_id("CVE-2019-3711");
  script_bugtraq_id(107210);

  script_name(english:"EMC RSA Authentication Manager < 8.4 P1 Insecure Credential Management (DSA-2019-038)");
  script_summary(english:"Checks the version of EMC RSA Authentication Manager.");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by an insecure
credential management vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of EMC RSA Authentication Manager running on the remote
host is prior to 8.4 Patch 1. It is, therefore, affected by an insecure
credential management vulnerability in the operations console
components. An authenticated, remote attacker with administrator
privileges can exploit this, to obtain the value of a domain password
that another operations console administrator had set previously.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2019/Mar/5");
  script_set_attribute(attribute:"solution", value:
"Upgrade to EMC RSA Authentication Manager version 8.4 Patch 1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3711");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/08");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:rsa_authentication_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:rsa:authentication_manager");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("emc_rsa_am_detect.nbin");
  script_require_keys("installed_sw/EMC RSA Authentication Manager");
  script_require_ports("Services/www", 7004);

  exit(0);
}

include('http.inc');
include('vcf.inc');

port = get_http_port(default:7004);
app ='EMC RSA Authentication Manager';
app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);

constraints = [
  { 'fixed_version' : '8.4.0.1', 'fixed_display' : '8.4 Patch 1' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);