Vulnerability Note VU#392654
Baramundi Management Suite transmits data and stores keys and credentials insecurely
Baramundi Management Suite versions 7.5 to 8.9 contains multiple vulnerabilities related to clear-text credential storage and transmission.
CWE-319: Cleartext Transmission of Sensitive Information - CVE-2013-3593
Baramundi Mangement Suite versions 7.5 to 8.9 transfers data in cleartext between the server and clients, and stores data in cleartext.
Since the software is used as an operating system deployment solution, it must have administrative rights to operate. As such, there are several impacts:
Apply an Update Baramundi Management Suite 2014 addresses CVE-2013-3593 and CVE-2013-3624. While a public download is not available, Baramundi Software AG requests that customers contact technical support.
Encrypt network traffic
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|baramundi software AG||Affected||30 Jul 2013||18 Jun 2014|
CVSS Metrics (Learn More)
Thanks to Damir Bozic for reporting this vulnerability.
This document was written by Chris King.
- CVE IDs: CVE-2013-3593 CVE-2013-3624 CVE-2013-3625
- Date Public: 01 Oct 2013
- Date First Published: 01 Oct 2013
- Date Last Updated: 18 Jun 2014
- Document Revision: 28
If you have feedback, comments, or additional information about this vulnerability, please send us email.