Vulnerability Note VU#392654
Baramundi Management Suite transmits data and stores keys and credentials insecurely
Baramundi Management Suite versions 7.5 to 8.9 contain multiple vulnerabilities related to clear-text credential storage and transmission.
CWE-319: Cleartext Transmission of Sensitive Information - CVE-2013-3593
Baramundi Management Suite versions 7.5 to 8.9 transfers data in cleartext between the server and clients, and stores data in cleartext. It is unknown if Baramundi Management Suite version 8.9 is affected by this vulnerability.
Since the software is used as an operating system deployment solution, it must have administrative rights to operate. As such, there are several impacts:
We are currently unaware of a practical solution to this problem.
Encrypt network traffic
Use layer 3 encryption between the Baramundi clients and servers to prevent sniffing attacks.
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| baramundi software AG | Affected | 30 Jul 2013 | 01 Oct 2013 |
CVSS Metrics
Thanks to Damir Bozic for reporting this vulnerability.
This document was written by Chris King.
- CVE IDs: CVE-2013-3593 CVE-2013-3624 CVE-2013-3625
- Date Public: 01 Oct 2013
- Date First Published: 01 Oct 2013
- Date Last Updated: 13 Nov 2013
- Document Revision: 23