CVE-2015-0543

Related Files

EMC Secure Remote Services Virtual Edition Insecure Certificate Check

Posted Aug 18, 2015

Authored by Securify B.V., Han Sahin

It was discovered that the server certificate validation checks performed by EMC Secure Remote Services Virtual Edition are insecure. Weak certificate validation allows attackers to perform a man in the middle attack against ESRS connections. This allows for eavesdropping on, and spoofing of provisioned devices in ESRS VE (including but not limited to home calls to the ESRS portal esrs.emc.com). Versions 3.02, 3.03, and 3.04 are affected.

tags | advisory, remote, spoof

advisories | CVE-2015-0543

SHA-256 | 895ec0911f275467cdc882bab4fd519470eb66160a1c9ff1d02204173cd0bc37

Download | Favorite | View

ESRS VE 3.0x Certificate Validation / Insufficient Randomness

Posted Jun 29, 2015

Site emc.com

Secure Remote Services (ESRS) Virtual Edition (VE) versions 3.02, 3.03, and 3.04 do not properly validate certificates. Malicious users could potentially exploit this vulnerability to spoof trusted entities by using man-in-the-middle attacks. Session cookie used by ESRS VE is generated using insufficient random values. Malicious users could potentially exploit this vulnerability to gain unauthorized access to authenticated ESRS interfaces.

tags | advisory, remote, spoof

advisories | CVE-2015-0543, CVE-2015-0544

SHA-256 | b38444a20c64e620d0b349751fad79209790fecff7eef46ff991d95560c7f125

Download | Favorite | View