The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate malicious users to gain privileges and maintain control over the administrator account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rpath appliance platform agent 2 |
||
rpath appliance platform agent 3 |