*Note: Email address will appear as "user domain ext" to prevent harvesting.
[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution
Apr 09 2018 07:42AM
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: CyberArk Password Vault Web Access Remote Code Execution
The CyberArk Password Vault Web Access application uses authentication
tokens which consist of serialized .NET objects. By crafting manipulated
tokens, attackers are able to gain unauthenticated remote code execution
on the web serv...
Copyright 2010, SecurityFocus