CVE-2012-4613

Published: Nov 16, 2012Modified: Apr 29, 2026

6.9

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 3.4 / Impact: 10.0

Source: NVD

Description

EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack.

Affected (4)

Products: Emc: Rsa Data Protection Manager Appliance

Emc

1 product

Rsa Data Protection Manager Appliance

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Emc Rsa Data Protection Manager Appliance	Version 2.7.0
Emc Rsa Data Protection Manager Appliance	Version 3.0
Emc Rsa Data Protection Manager Appliance	Version 3.1
Emc Rsa Data Protection Manager Appliance	Version 3.2

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://archives.neohapsis.com/archives/bugtraq/2012-11/0050.html

Source: security_alert@emc.com

http://www.securityfocus.com/bid/56508

Source: security_alert@emc.com

http://archives.neohapsis.com/archives/bugtraq/2012-11/0050.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/56508

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.