The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-05-12T17:00:00

Updated: 2024-08-07T08:49:58.595Z

Reserved: 2008-05-12T00:00:00

Link: CVE-2008-2139

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2008-05-12T17:20:00.000

Modified: 2017-08-08T01:30:48.027

Link: CVE-2008-2139

cve-icon Redhat

No data.