N/A

McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device.

N/A

N/A

McAfee Enterprise Mobility Manager 权限许可和访问控制漏洞

McAfee Enterprise Mobility Manager (EMM) Agent 4.8之前版本和Server 10.1之前版本中存在漏洞，该漏洞源于一次性配置(OTP)启用时，不正确依赖DNS SRV记录。远程攻击者可利用该漏洞通过欺骗EMM服务器发现用户密码，如iOS设备上的输入密码。

N/A

N/A