Back to search
CVE-2012-5930
Published: Dec 24, 2012
Modified: Sep 16, 2024
PUBLISHED
Description
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://download.novell.com/Download?buildid=K6-PmbPjduA~
x_refsource_CONFIRM
https://www.netiq.com/support/kb/doc.php?id=7011385
x_refsource_CONFIRM
http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htm
x_refsource_MISC
http://retrogod.altervista.org/9sg_novell_netiq_i.htm
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now