Arbitrary Program Execution via Invalid SSL Certificate in Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A

Arbitrary Program Execution via Invalid SSL Certificate in Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A

CVE-2010-4506 · MEDIUM Severity

AV:L/AC:H/AU:N/C:C/I:C/A:C

Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A allows physically proximate attackers to execute arbitrary programs without authentication by triggering use of an invalid SSL certificate and using the Internet Explorer interface to navigate through the filesystem via a "Save As" dialog that is reachable from the "Certificate Export" wizard.

Learn more about our Physical Security Assessment.