4 matches found
Symantec LiveUpdate Administrator Security Bypass (CVE-2014-1644)
A security policy bypass vulnerability exists in Symantec LiveUpdate Administrator. The vulnerability is due to a failure to validate temporary passwords when processing a user account password reset. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious reques...
SEC Consult SA-20140328-0 :: Multiple vulnerabilities in Symantec LiveUpdate Administrator
SEC Consult Vulnerability Lab Security Advisory 20140328-0 ======================================================================= title: Multiple critical vulnerabilities product: Symantec LiveUpdate Administrator vulnerable version: = 2.3.2.99 fixed version: 2.3.2.110 impact: critical CVE numbe...
Symantec LiveUpdate Administrator未授权访问漏洞
Bugtraq ID:66399 CVE ID:CVE-2014-1644 Symantec LiveUpdate Administrator是一款Symantec产品升级管理程序。 Symantec LiveUpdate Administrator管理GUI对登录/密码功能提供不正确的保护,允许攻击者在知道目标用户email地址的情况下,利用重置密码功能重置用户密码,未授权进行访问。 0 Symantec LiveUpdate Administrator 2.x Symantec LiveUpdate Administrator 2.3.2.110已经修复该漏洞,建议用户下载更新:...
CVE-2014-1644
CVE-2014-1644 affects Symantec LiveUpdate Administrator (LUA) 2.x pre-2.3.2.110. The root cause is a flawed forgotten-password flow in the management GUI (/lua/forcepasswd.do) that allows unauthenticated password resets when the attacker knows the target email address, enabling potential full acc...