Security Digest March 15 – March 18 – 3 vulnerabilities

Mar 18, 2012 By Administrator

What a busy week it was: critical vulnerabilities were found in several major platforms. I decided to focus on three of them.

1) (CRITICAL) RDP remote code execution – Does your server allow incoming RDP (Terminal Services)? Then an attacker can most likely gain full control of it without having a valid user name and password, because the flaw (MS12-020, CVE-2012-0002) is reachable before authentication. Install the update; if you cannot patch immediately, Microsoft's bulletin lists enabling Network Level Authentication as a workaround, since NLA requires a successful logon before the vulnerable code is reached:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0002

http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx

http://www.securityfocus.com/bid/52353/

2) Joomla! admin access – A malicious user can create a new account with elevated privileges (Administrator) because the registration input is not validated properly. The talkbacks at the bottom of that page are also worth reading.

http://jeffchannell.com/Joomla/joomla-161725-privilege-escalation-vulnerability.html
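To show the class of bug behind item 2 (registration input deciding privilege), here is an added example in Python. It is not Joomla!'s code (Joomla! is PHP) and the field names, group IDs and the exact mechanism (a client-supplied group field copied onto the new account) are assumptions made for illustration; it puts the unvalidated handler beside a whitelisted one.

```python
"""Added example, not Joomla! code: a registration handler that binds every
submitted field onto the new account, beside one that only copies a fixed
allow-list and assigns group membership server side.  Field names and group
IDs below are assumptions for illustration."""
from dataclasses import dataclass, field
from typing import List

PUBLIC_GROUP = 2          # assumed id of the default "Registered" group
ADMIN_GROUP = 8           # assumed id of a privileged (administrator) group
ALLOWED_FIELDS = {"username", "password", "email"}   # what a sign-up may set


@dataclass
class User:
    username: str
    email: str
    groups: List[int] = field(default_factory=lambda: [PUBLIC_GROUP])


def register_vulnerable(form: dict) -> User:
    """Copies every posted key that matches an account attribute.  A client
    that adds a 'groups' key to the POST body therefore picks its own groups,
    which is exactly the 'input not validated properly' failure."""
    user = User(username=form["username"], email=form["email"])
    for key, value in form.items():
        if hasattr(user, key):          # 'groups' is an attribute, so it binds
            setattr(user, key, value)
    return user


def register_fixed(form: dict) -> User:
    """Keeps only allow-listed fields; group membership is never taken from
    the request, so a smuggled 'groups' value is silently dropped."""
    clean = {k: v for k, v in form.items() if k in ALLOWED_FIELDS}
    return User(username=clean["username"], email=clean["email"],
                groups=[PUBLIC_GROUP])


def is_admin(user: User) -> bool:
    return ADMIN_GROUP in user.groups


# Constructed request bodies: a normal sign-up and one carrying a group id.
NORMAL_FORM = {"username": "alice", "password": "s3cret", "email": "alice@example.com"}
MALICIOUS_FORM = dict(NORMAL_FORM, username="mallory", groups=[ADMIN_GROUP])


if __name__ == "__main__":
    print("vulnerable, normal form   -> admin:", is_admin(register_vulnerable(NORMAL_FORM)))
    print("vulnerable, smuggled group -> admin:", is_admin(register_vulnerable(MALICIOUS_FORM)))
    print("fixed, smuggled group      -> admin:", is_admin(register_fixed(MALICIOUS_FORM)))
```

The practical check is the same in any framework: diff the set of fields the registration form renders against the set the handler will bind, and make sure anything privilege-bearing (group, role, verified flag) is only ever set from server-side policy.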

3) Joomla! predictable password – Joomla!'s random password generator was weak because it relied on PHP's mt_rand() function, a general-purpose Mersenne Twister rather than a cryptographic generator, so its output can be predicted:

http://www.securityfocus.com/bid/52535
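To make item 3 concrete, here is an added example in Python (not Joomla! code). Python's random module is also a Mersenne Twister (MT19937), the same family as PHP's mt_rand(), so the behaviour carries over. The example assumes a generator seeded from a guessable value (a second-resolution timestamp), which is an illustrative assumption rather than a statement about how Joomla! seeded it; it shows how an attacker who knows roughly when a password was issued can enumerate the candidates, or recover the seed from one observed output, and contrasts that with a CSPRNG-backed generator.

```python
"""Added example, not Joomla! code: why a Mersenne Twister (PHP mt_rand,
Python random) must not generate passwords.  Seeding from a second-resolution
timestamp is an assumption made for the demonstration."""
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
LENGTH = 8


def gen_password_weak(seed: int, length: int = LENGTH) -> str:
    """Deterministic: the same seed always yields the same password."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def candidate_passwords(start: int, window: int) -> list:
    """Every password the weak generator can emit for a seed in
    [start, start + window): the attacker's whole search space."""
    return [gen_password_weak(s) for s in range(start, start + window)]


def recover_seed(observed: str, start: int, window: int):
    """Given one observed output (say, a password issued to the attacker's
    own account), find the seed that produced it.  Anything else drawn from
    that seed, such as an activation token, is then predictable too."""
    for s in range(start, start + window):
        if gen_password_weak(s) == observed:
            return s
    return None


def gen_password_strong(length: int = LENGTH) -> str:
    """CSPRNG-backed: no seed to guess and no relationship between outputs."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    victim_seed = 1331856000            # constructed: a March 2012 Unix timestamp
    pw = gen_password_weak(victim_seed)
    # Attacker only knows the password was issued within a one-minute window.
    cands = candidate_passwords(victim_seed - 30, 60)
    print("victim password:", pw, "| in", len(cands), "candidates:", pw in cands)
    print("seed recovered from one output:", recover_seed(pw, victim_seed - 600, 1200))
    print("strong password:", gen_password_strong())
```

The point is not the statistical quality of the Mersenne Twister but that it is reproducible: once the seed is known or small enough to enumerate, every "random" value derived from it is known too. In PHP the practitioner's fix is to draw from the operating system's CSPRNG (openssl_random_pseudo_bytes() at the time, random_bytes() / random_int() on current versions) instead of mt_rand().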
