Vulnerability Description
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| EMC | RSA NetWitness | < 9.8.5.19 |
| EMC | RSA Security Analytics | >= 10.2, < 10.2.4 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2014-05/0052.html (Third Party Advisory)
FAQ
What is CVE-2014-0643?
CVE-2014-0643 is a vulnerability with a CVSS score of 7.6 (HIGH). EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass a...
How severe is CVE-2014-0643?
CVE-2014-0643 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-0643?
Check the references section above for vendor advisories and patch information. Affected products include EMC RSA NetWitness and EMC RSA Security Analytics.