Executive Summary
Summary | |
---|---|
Title | Guidance EnCase Enterprise uses weak authentication to identify target machines |
Information | |||
---|---|---|---|
Name | VU#912593 | First vendor Publication | 2007-11-09 |
Vendor | VU-CERT | Last vendor Modification | 2007-11-09 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#912593
Guidance EnCase Enterprise uses weak authentication to identify target machines

Overview
Guidance's EnCase Enterprise uses IP authentication to identify target machines. An attacker may be able to provide the EnCase SAFE server with a disk image from a different machine than requested by an investigator.

I. Description
Guidance EnCase Enterprise Edition allows investigators to remotely acquire disk images from target systems for forensic analysis. The remote target systems may be on the same LAN, or located on the Internet.

The EnCase Enterprise Edition consists of three applications:

EnCase Enterprise Edition uses a public key encryption system to verify that the servlet is communicating with an authorized SAFE server; however, the SAFE server uses IP authentication to verify the identity of the servlet. Information about this vulnerability was publicly disclosed by the iSec paper Weaknesses in Critical Evidence Collection.

II. Impact
An attacker may be able to supply the EnCase SAFE with a different image than what was requested by the investigator by using ARP spoofing or other well-known network attacks.

III. Solution
Guidance EnCase customers should see the Guidance support portal for information about obtaining fixed software and workarounds.
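The asymmetry in the description (the collecting server is verified cryptographically, the endpoint only by its address) can be seen in a simplified model. This is an added example, not EnCase code or its protocol: the endpoint name, address, keys and function names are constructed, and a shared-secret HMAC stands in for whatever per-endpoint credential a real product would enroll.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: hypothetical endpoint name, address and key.
ENROLLED_IPS = {"10.0.0.5": "workstation-a"}
ENROLLED_KEYS = {"workstation-a": b"constructed-per-endpoint-secret-a"}


def identify_by_ip(source_ip):
    """Weak check: whoever answers from the expected address is trusted."""
    return ENROLLED_IPS.get(source_ip)


def new_challenge():
    """Server side: fresh random nonce issued for each acquisition."""
    return secrets.token_bytes(32)


def agent_proof(key, endpoint, challenge, image_sha256):
    """Agent side: bind endpoint name, nonce and image digest under its key."""
    msg = endpoint.encode() + b"\x00" + challenge + b"\x00" + image_sha256.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def identify_by_key(endpoint, challenge, image_sha256, proof):
    """Stronger check: accept only a proof made with the enrolled key."""
    key = ENROLLED_KEYS.get(endpoint)
    if key is None:
        return False
    expected = agent_proof(key, endpoint, challenge, image_sha256)
    return hmac.compare_digest(expected, proof)


def demo():
    nonce = new_challenge()
    real = hashlib.sha256(b"disk image of workstation-a").hexdigest()
    other = hashlib.sha256(b"disk image of some other machine").hexdigest()
    good = agent_proof(ENROLLED_KEYS["workstation-a"], "workstation-a", nonce, real)
    forged = agent_proof(b"key-the-impostor-guessed", "workstation-a", nonce, other)
    return {
        "ip_check_accepts_any_host_at_address": identify_by_ip("10.0.0.5"),
        "key_check_real_agent": identify_by_key("workstation-a", nonce, real, good),
        "key_check_impostor": identify_by_key("workstation-a", nonce, other, forged),
        "key_check_swapped_image": identify_by_key("workstation-a", nonce, other, good),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The address lookup returns the enrolled name for any host that answers at that address, while the keyed check rejects both a peer without the enrolled key and a valid proof paired with a different image digest.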
Systems Affected
References
iSec Partners released information about this vulnerability. This document was written by Ryan Giobbi and Jason McCormick.
Original Source
Url : http://www.kb.cert.org/vuls/id/912593 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44745 | EnCase Enterprise Edition EEE Servlet Acquisition Target Spoofing |