11 matches found
Information Leakage
Cumin aka MRG Management Console is vulnerable to information leakage. The vulnerability exists because of the use of weak DES-based hash function to hash password, allowing the attacker to brute-force to get plain text...
RHEL 6 : MRG (RHSA-2012:0477)
An updated MRG Management Console package that fixes several security issues is now available for Red Hat Enterprise MRG 2 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...
RHEL 5 : MRG (RHSA-2012:0476)
An updated MRG Management Console package that fixes several security issues is now available for Red Hat Enterprise MRG 2 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...
CVE-2014-0174
Cumin aka MRG Management Console, as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Design/Logic Flaw
Cumin aka MRG Management Console, as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2014-0174
Cumin aka MRG Management Console, as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2014-0174
The CVE-2014-0174 issue affects Red Hat Enterprise MRG 2.5 (Cumin) where the session cookie is not marked HttpOnly in Set-Cookie, enabling potential script access to the cookie. Affected environments include Red Hat Enterprise Linux 5/6 running MRG 2.5. Root cause: Cumin did not set the HttpOnly ...
CVE-2013-6445
Cumin aka MRG Management Console, as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack...
CVE-2013-6445
CVE-2013-6445 affects Red Hat Enterprise MRG 2.5 where the Cumin (MRG Management Console) component uses the DES-based crypt() hash for passwords. Root cause: weak DES-based hashing enables faster brute-force recovery of plaintext passwords if a cumin user database is compromised. Impact: potenti...
CVE-2013-6445
Cumin aka MRG Management Console, as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack...
Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Management Console security update
An updated MRG Management Console package that fixes several security issues is now available for Red Hat Enterprise MRG 2 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...