Dell SecureWorks Security Advisory SWRX-2012-006

Advisory Information

  • Title: BreakingPoint Systems Storm CTM Network Traffic Information Disclosure Vulnerability
  • Advisory ID: SWRX-2012-006
  • Date published: Wednesday, August 1, 2012
  • CVE: CVE-2012-2964
  • CVSS v2 base score: 4.8
  • Date of last update: Wednesday, August 1, 2012
  • Vendors contacted: BreakingPoint Systems
  • Release mode: Coordinated
  • Discovered by: Jeff Jarmoc, Dell SecureWorks

Summary

A vulnerability exists in BreakingPoint Systems Storm CTM, which is used to test networks and data centers for resilience in the face of escalating application load and attack. The BreakingPoint Systems Storm CTM appliance and administrative Control Center graphical user interface (GUI) clients communicate in plain text. All information exchanged between client and server, including username and password, is sent in the clear. Attackers may be able to leverage this weakness by using commodity network sniffers to gather sensitive configuration information, including account credentials, session authentication tokens, test configurations, and test results.
