The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.
CPE | Name | Operator | Version |
---|---|---|---|
appliance_platform_agent | eq | 3 | |
appliance_platform_agent | eq | 2 |