CVE-2015-0532

Published: May 1, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account.

Affected (2)

Products: Emc: Rsa Identity Management And Governance

1 product

Rsa Identity Management And Governance

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Emc Rsa Identity Management And Governance	Version 6.9.0
Emc Rsa Identity Management And Governance	Version 6.9.1

Related CWEs

References (6)

http://packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-Reset.html

Source: security_alert@emc.com

http://seclists.org/bugtraq/2015/Apr/204

Source: security_alert@emc.com

http://www.securitytracker.com/id/1032218

Source: security_alert@emc.com

http://packetstormsecurity.com/files/131710/RSA-IMG-6.9-6.9.1-Insecure-Password-Reset.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/bugtraq/2015/Apr/204

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032218

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.