It was discovered that the server certificate validation checks performed by EMC Secure Remote Services Virtual Edition are insecure. Weak certificate validation allows attackers to perform a man in the middle attack against ESRS connections. This allows for eavesdropping on, and spoofing of provisioned devices in ESRS VE (including but not limited to home calls to the ESRS portal esrs.emc.com). Versions 3.02, 3.03, and 3.04 are affected.
895ec0911f275467cdc882bab4fd519470eb66160a1c9ff1d02204173cd0bc37