Unauthenticated Access to Sensitive Information in BreakingPoint Storm Appliance

Unauthenticated Access to Sensitive Information in BreakingPoint Storm Appliance

CVE-2012-2963 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file.

Learn more about our Web App Pen Testing.