BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
[RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution Apr 09 2018 07:42AM
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: CyberArk Password Vault Web Access Remote Code Execution

The CyberArk Password Vault Web Access application uses authentication
tokens which consist of serialized .NET objects. By crafting manipulated
tokens, attackers are able to gain unauthenticated remote code execution
on the web serv...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus