Vulnerability Note VU#392654
Baramundi Management Suite transmits data and stores keys and credentials insecurely
Baramundi Management Suite versions 7.5 to 8.9 contains multiple vulnerabilities related to clear-text credential storage and transmission.
CWE-319: Cleartext Transmission of Sensitive Information - CVE-2013-3593
Baramundi Mangement Suite versions 7.5 to 8.9 transfers data in cleartext between the server and clients, and stores data in cleartext.
Since the software is used as an operating system deployment solution, it must have administrative rights to operate. As such, there are several impacts:
Apply an Update
Encrypt network traffic
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|baramundi software AG||Affected||30 Jul 2013||18 Jun 2014|
CVSS Metrics (Learn More)
Thanks to Damir Bozic for reporting this vulnerability.
This document was written by Chris King.
- CVE IDs: CVE-2013-3593 CVE-2013-3624 CVE-2013-3625
- Date Public: 01 Oct 2013
- Date First Published: 01 Oct 2013
- Date Last Updated: 21 Aug 2014
- Document Revision: 33
If you have feedback, comments, or additional information about this vulnerability, please send us email.