McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames.
References
Link | Resource |
---|---|
https://kc.mcafee.com/corporate/index?page=content&id=SB10021 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-08-22 03:42
Updated : 2012-08-22 03:42
NVD link : CVE-2012-4588
Mitre link : CVE-2012-4588
JSON object : View
CWE
CWE-255
Credentials Management Errors
Products Affected
mcafee
- enterprise_mobility_manager
- enterprise_mobility_manager_agent