{"id": "SECURITYVULNS:VULN:11865", "bulletinFamily": "software", "title": "VMware vFabric tc Server weak encryption", "description": "Server accepts cleartext password even if it's not allowed for user.", "published": "2011-08-17T00:00:00", "modified": "2011-08-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11865", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:26854"], "cvelist": ["CVE-2011-0527"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:43", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "46056deb307caccc5a7ca000963a9fc1"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "589c2bc5bb779df30dd68a465a54e7f8"}, {"key": "cvss", "hash": "26769fd423968d45be7383413e2552f1"}, {"key": "description", "hash": "fbf0625258d57a6e55f3f5dd64e3c9c1"}, {"key": "href", "hash": "d9264e2c254b228f60543f09e09aa8ff"}, {"key": "modified", "hash": "0dfedf84e8a9988b87a4e7ecb8b9d410"}, {"key": "published", "hash": "0dfedf84e8a9988b87a4e7ecb8b9d410"}, {"key": "references", "hash": "9fdc387a02edf11085ea52d4015b9b38"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "01d3cd9028b6291d7e6e6b716d5f6df6"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "c601079dd1a16ebc38857905a3dd8a206c54e6ff96e2f8bdf8c28965106e87a5", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2018-08-31T11:09:43"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-0527"]}, {"type": "openvas", "idList": ["OPENVAS:902565", "OPENVAS:1361412562310902565"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26854"]}], "modified": "2018-08-31T11:09:43"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "affectedSoftware": [{"name": "vFabric tc Server", "operator": "eq", "version": "2.0"}, {"name": "vFabric tc Server", "operator": "eq", "version": "2.1"}]}

{"cve": [{"lastseen": "2017-08-17T10:42:40", "bulletinFamily": "NVD", "description": "VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before 2.1.2.RELEASE accepts obfuscated passwords during JMX authentication, which makes it easier for context-dependent attackers to obtain access by leveraging an ability to read stored passwords.", "modified": "2017-08-16T21:33:36", "published": "2011-08-15T15:55:01", "id": "CVE-2011-0527", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0527", "title": "CVE-2011-0527", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-09-05T11:22:00", "bulletinFamily": "scanner", "description": "The host is running VMware vFabric tc Server and is prone to\n security bypass vulnerability.", "modified": "2017-09-04T00:00:00", "published": "2011-08-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902565", "id": "OPENVAS:902565", "title": "VMware vFabric tc Server JMX Authentication Security Bypass Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_vmware_vfabric_tc_server_security_bypass_vuln.nasl 7052 2017-09-04 11:50:51Z teissa $\n#\n# VMware vFabric tc Server JMX Authentication Security Bypass Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow an attacker to bypass certain security\n restrictions and gain unauthorized access, which may lead to further attacks.\n Impact Level: Application\";\ntag_affected = \"vFabric tc Server versions 2.0.0 through 2.0.5.SR01\n vFabric tc Server versions 2.1.0 through 2.1.1.SR01\";\ntag_insight = \"The flaw is caused by the storing of passwords for JMX authentication in an\n obfuscated form, which makes it easier for context-dependent attackers to\n obtain access by leveraging an ability to read stored passwords.\";\ntag_solution = \"Upgrade to vFabric tc Server version 2.0.6.RELEASE or 2.1.2.RELEASE,\n For updates refer to http://www.vmware.com/products/vfabric-tcserver/\";\ntag_summary = \"The host is running VMware vFabric tc Server and is prone to\n security bypass vulnerability.\";\n\nif(description)\n{\n script_id(902565);\n script_version(\"$Revision: 7052 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-04 13:50:51 +0200 (Mon, 04 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-31 13:40:07 +0200 (Wed, 31 Aug 2011)\");\n script_bugtraq_id(49122);\n script_cve_id(\"CVE-2011-0527\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"VMware vFabric tc Server JMX Authentication Security Bypass Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/id?1025923\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/69156\");\n script_xref(name : \"URL\" , value : \"http://www.springsource.com/security/cve-2011-0527\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_vmware_springsource_tc_server_detect.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\n## Get HTTP Port\nport = get_http_port(default:8080);\nif(!port){\n exit(0);\n}\n\n## Get Version from KB\nsstcVer = get_kb_item(string(\"www/\", port, \"Vmaware/SSTC/Runtime\"));\nif(isnull(sstcVer)){\n exit(0);\n}\n\nsstcVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:sstcVer);\nif(isnull(sstcVer[1])){\n exit(0);\n}\n\n## Check for vFabric tc Server versions\nif(version_in_range(version:sstcVer[1], test_version:\"2.0.0\", test_version2:\"2.0.5.SR01\") ||\n version_in_range(version:sstcVer[1], test_version:\"2.1.0\", test_version2:\"2.1.1.SR01\")) {\n security_message(port);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-22T16:44:14", "bulletinFamily": "scanner", "description": "The host is running VMware vFabric tc Server and is prone to\n security bypass vulnerability.", "modified": "2018-10-20T00:00:00", "published": "2011-08-31T00:00:00", "id": "OPENVAS:1361412562310902565", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902565", "title": "VMware vFabric tc Server JMX Authentication Security Bypass Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_vmware_vfabric_tc_server_security_bypass_vuln.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# VMware vFabric tc Server JMX Authentication Security Bypass Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902565\");\n script_version(\"$Revision: 11997 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-31 13:40:07 +0200 (Wed, 31 Aug 2011)\");\n script_bugtraq_id(49122);\n script_cve_id(\"CVE-2011-0527\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"VMware vFabric tc Server JMX Authentication Security Bypass Vulnerability\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/id?1025923\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/69156\");\n script_xref(name:\"URL\", value:\"http://www.springsource.com/security/cve-2011-0527\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"Web Servers\");\n script_dependencies(\"secpod_vmware_springsource_tc_server_detect.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to bypass certain security\n restrictions and gain unauthorized access, which may lead to further attacks.\");\n script_tag(name:\"affected\", value:\"vFabric tc Server versions 2.0.0 through 2.0.5.SR01\n vFabric tc Server versions 2.1.0 through 2.1.1.SR01\");\n script_tag(name:\"insight\", value:\"The flaw is caused by the storing of passwords for JMX authentication in an\n obfuscated form, which makes it easier for context-dependent attackers to\n obtain access by leveraging an ability to read stored passwords.\");\n script_tag(name:\"solution\", value:\"Upgrade to vFabric tc Server version 2.0.6.RELEASE or 2.1.2.RELEASE.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"The host is running VMware vFabric tc Server and is prone to\n security bypass vulnerability.\");\n script_xref(name:\"URL\", value:\"http://www.vmware.com/products/vfabric-tcserver/\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:8080);\nif(!port){\n exit(0);\n}\n\nsstcVer = get_kb_item(string(\"www/\", port, \"Vmaware/SSTC/Runtime\"));\nif(isnull(sstcVer)){\n exit(0);\n}\n\nsstcVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:sstcVer);\nif(isnull(sstcVer[1])){\n exit(0);\n}\n\nif(version_in_range(version:sstcVer[1], test_version:\"2.0.0\", test_version2:\"2.0.5.SR01\") ||\n version_in_range(version:sstcVer[1], test_version:\"2.1.0\", test_version2:\"2.1.1.SR01\")) {\n security_message(port);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "Severity: Important\r\n\r\nVersions Affected:\r\n 2.0.0.RELEASE to 2.0.5.SR01\r\n 2.1.0.RELEASE to 2.1.1.SR01\r\n\r\nDescription:\r\ntc Server allows users to store the passwords used for JMX authentication in an obfuscated form for organizations where storing passwords in plain text is not permitted. The JMX authentication implementation was incorrectly allowing users to authenticate using the password in either its plain text form or its obfuscated form, bypassing the benefit of obfuscation.\r\n\r\nMitigation:\r\nIf you are not using password obfuscation, then you are not affected by this issue.\r\n Users of 2.0.x may mitigate this issue by upgrading to 2.0.6.RELEASE.\r\n Users of 2.1.x may mitigate this issue by upgrading to 2.1.2.RELEASE.\r\n Users of 2.5.x are not affected.\r\n\r\nCredit:\r\nThe issue was reported by the SpringSource tc Server support team.\r\n\r\nHistory\r\n 2011-08-11: Original Advisory", "modified": "2011-08-17T00:00:00", "published": "2011-08-17T00:00:00", "id": "SECURITYVULNS:DOC:26854", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26854", "title": "CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}