BMC PATROL Agent Authentication Replay Attack

1999-04-09T00:00:00
ID OSVDB:5922
Type osvdb
Reporter Frederic Costa(fcosta@cf6.com)
Modified 1999-04-09T00:00:00

Description

Vulnerability Description

Patrol Management software contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to encrypted passwords when sniffing the network and using them with a replay attack, which may lead to a loss of confidentiality and integrity.

Solution Description

Upgrade to version 3.26 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Patrol Management software contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to encrypted passwords when sniffing the network and using them with a replay attack, which may lead to a loss of confidentiality and integrity.

References:

Vendor URL: http://www.bmc.com Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999_2/0092.html Keyword: now "BMC Performance Manager" ISS X-Force ID: 2078 CVE-1999-0443