2 matches found
Dell iDRAC9 SSL/TLS Protection Not Enforced (CVE-2018-1249)
Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server. This plugin only works...
CVE-2018-1249
Dell EMC iDRAC9: CVE-2018-1249 affects versions prior to 3.21.21.21; the issue is failure to enforce TLS/SSL for certain URLs to the iDRAC web server, enabling MITM to strip protection. Affected component: iDRAC9 web interface. Root cause: TLS/SSL enforcement not applied for specific URLs (as sta...