Security Digest March 15 – March 18 – 3 vulnerabilities

What a busy week it was. Endless critical vulnerabilities were found in major platforms. I decided to focus on three of them.

1) (CRITICAL) RDP remote code execution – does your server allow incoming RDP (Terminal Server)? Then most probably an attacker can gain admin access without having a valid username and password:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0002

http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx

http://www.securityfocus.com/bid/52353/

2) Joomla! admin access – A malicious user can create a new account with elevated privileges (Admin) since the system doesn’t validate input properly. It’s also interesting to read the talkbacks at the bottom of that page.

http://jeffchannell.com/Joomla/joomla-161725-privilege-escalation-vulnerability.html

3) Joomla! Predictable password – Joomla!’s random password generator was weak, since it used the predictable mt_rand function:

http://www.securityfocus.com/bid/52535
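To show why a password generator built on mt_rand is weak, here is an added example (not Joomla's code): Python's `random` module is a Mersenne Twister like PHP's `mt_rand()`, so a generator built on it has the same property, its entire output is fixed by the seed. The function names, the 62-character alphabet and the 32-bit seed size (as in PHP's `mt_srand()`) are assumptions of this example, not taken from the advisories above.

```python
import math
import random
import secrets
import string
from typing import Callable, Optional

# Assumed alphabet for generated passwords: 62 symbols, about 5.95 bits each.
ALPHABET = string.ascii_letters + string.digits
# Assumption: PHP's mt_srand() seeds the generator with a 32-bit value.
MT_SEED_BITS = 32


def weak_password(length: int, seed: int) -> str:
    """Password drawn from a Mersenne Twister PRNG (same family as mt_rand()).
    Every character is a pure function of the seed, nothing else."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int) -> str:
    """Password drawn from the operating system CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_reproducible(generator: Callable[[], str], trials: int = 3) -> bool:
    """True when repeated calls return the same password, i.e. the output is
    determined by state that could be learned or guessed rather than by fresh
    unpredictable randomness."""
    outputs = {generator() for _ in range(trials)}
    return len(outputs) == 1


def effective_entropy_bits(length: int, seed_bits: Optional[int] = None) -> float:
    """Entropy of a password of the given length. If the generator is seeded
    from seed_bits bits of state, entropy is capped at that value however long
    the password is, which is exactly why a seeded PRNG is the wrong tool."""
    nominal = length * math.log2(len(ALPHABET))
    return nominal if seed_bits is None else min(nominal, seed_bits)


if __name__ == "__main__":
    print("weak, seed 1234 :", weak_password(10, 1234), weak_password(10, 1234))
    print("strong          :", strong_password(10), strong_password(10))
    print("entropy, 10 chars, MT-seeded:", effective_entropy_bits(10, MT_SEED_BITS))
    print("entropy, 10 chars, CSPRNG   :", round(effective_entropy_bits(10), 2))
```

The takeaway for a code review is the last number: a 10-character password from a 32-bit-seeded generator carries at most 32 bits, while the same length from a CSPRNG carries about 59.5.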
