CVE Vulnerabilities

CVE-2010-1454

Improper Authentication

Published: May 19, 2010 | Modified: Oct 10, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 before 6.0.20.D, and 6.0.25.A before 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote attackers to obtain JMX interface access via a blank password.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Tc_server Vmware 6.0.25.a 6.0.25.a
Tc_server Vmware 6.0.20.a 6.0.20.a
Tc_server Vmware 6.0.20.b 6.0.20.b
Tc_server Vmware 6.0.19.a 6.0.19.a
Tc_server Vmware 6.0.20 6.0.20
Tc_server Vmware 6.0.20.c 6.0.20.c
Tc_server Vmware 6.0.19 6.0.19

Potential Mitigations

References