Entrust Authority Security Manager Multiple Authorization Circumvention Vulnerability

It has been reported that the Entrust Authority Security Manager has a flaw in Master User authentication that could allow the unauthorized changing of master user passwords. Command line tools do not force the same authentication requirements as performed by the GUI application. Because of this, an attacker could use the command line tools to circumvent the trust model of the software.


 

Privacy Statement
Copyright 2010, SecurityFocus