exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

EMC Secure Remote Services Virtual Edition Insecure Certificate Check

EMC Secure Remote Services Virtual Edition Insecure Certificate Check
Posted Aug 18, 2015
Authored by Securify B.V., Han Sahin

It was discovered that the server certificate validation checks performed by EMC Secure Remote Services Virtual Edition are insecure. Weak certificate validation allows attackers to perform a man in the middle attack against ESRS connections. This allows for eavesdropping on, and spoofing of provisioned devices in ESRS VE (including but not limited to home calls to the ESRS portal esrs.emc.com). Versions 3.02, 3.03, and 3.04 are affected.

tags | advisory, remote, spoof
advisories | CVE-2015-0543
SHA-256 | 895ec0911f275467cdc882bab4fd519470eb66160a1c9ff1d02204173cd0bc37

EMC Secure Remote Services Virtual Edition Insecure Certificate Check

Change Mirror Download
------------------------------------------------------------------------
Insufficient certificate validation in EMC Secure Remote Services
Virtual Edition
------------------------------------------------------------------------
Han Sahin, November 2014

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
It was discovered that the server certificate validation checks
performed by EMC Secure Remote Services Virtual Edition are insecure.
Weak certificate validation allows attackers to perform a man in the
middle attack against ESRS connections. This allows for eavesdropping
on, and spoofing of provisioned devices in ESRS VE (including but not
limited to home calls to the ESRS portal esrs.emc.com).

------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
EMC reports that the following versions are affected by this
vulnerability:

- EMC Secure Remote Services Virtual Edition 3.02
- EMC Secure Remote Services Virtual Edition 3.03
- EMC Secure Remote Services Virtual Edition 3.04

------------------------------------------------------------------------
See also
------------------------------------------------------------------------
- CVE-2015-0543 [2]
- ESA-2015-097 [3]: EMC Secure Remote Services (ESRS) Virtual Edition
(VE) Multiple Security Vulnerabilities

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
EMC released EMC Secure Remote Services Virtual Edition 3.06 that
resolves this vulnerability. Registered EMC Online Support customers can
download patches and software from support.emc.com [4] at:

EMC Secure Remote Services -> EMC Secure Remote Services Virtual Edition
-> Downloads

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20141114/insufficient_certificate_validation_in_emc_secure_remote_services_virtual_edition.html
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close