CVE-2008-2139 - Peg top Sixtyniner


The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session including requests to change the password which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.