Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Entrust Authority Security Manager多个验证欺骗漏洞
Vulnerability Description
Entrust Authority Security Manager用于颁发、管理及废除X.509证书。负责密钥备份及恢复、更新密钥对及支持交叉认证,并为证书库支持活动目录、X.500和LDAP目录。 Entrust Authority安全管理系统存在验证漏洞,远程攻击者可以利用这个漏洞欺骗软件的认证模型,更改主用户密码。 Entrust Authority安全管理系统的主用户(Master user)验证机制存在缺陷,允许未授权更改主用户密码。问题是由于命令行工具不需要执行GUI应用程序所需的验证过程,
CVSS Information
N/A
Vulnerability Type
N/A