CVE-2008-4315

tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.

Published: Nov 27, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-4315
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux	5.0	5.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x

http://osvdb.org/50278
http://secunia.com/advisories/32862
http://www.redhat.com/support/errata/RHSA-2008-1001.html
http://www.securitytracker.com/id?1021281
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.0-7.fc9
https://admin.fedoraproject.org/updates/tog-pegasus-2.7.1-3.fc10
https://bugzilla.redhat.com/show_bug.cgi?id=472017
https://exchange.xforce.ibmcloud.com/vulnerabilities/46830
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9431

Vulnerability Database

289,871

CVE-2008-4315