Vulnonym.org

CVE-2008-2139 - Peg top Sixtyniner

Description

The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session including requests to change the password which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.

Reference

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148 https://exchange.xforce.ibmcloud.com/vulnerabilities/42394 https://exchange.xforce.ibmcloud.com/vulnerabilities/42393