The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain privileges and maintain control over the administrator account.

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Appliance_platform_agent | Rpath | 2 (including) | 2 (including) |
| Appliance_platform_agent | Rpath | 3 (including) | 3 (including) |