Auth bypass in Redhat Network_satellite_server

CVE-2011-0718

Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks.

Vulnerability class: Broken Authentication

EPSS: 0.005 (67.0th percentile) — read the EPSS interpretation.

Affected products

Redhat Network_satellite_server — versions 5.4
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

46528 (vdb-entry, x_refsource_BID)
ADV-2011-0491 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
RHSA-2011:0300 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
1025116 (vdb-entry, x_refsource_SECTRACK)
rhnss-weak-security(65657) (vdb-entry, x_refsource_XF)
43487 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)