CVE-2016-0883 Pivotal Ops Manager Weak Authentication Scheme
Severity
Critical
Vendor
Pivotal
Versions Affected
- PCF Ops Manager 1.0 - 1.4.x, 1.5.0 - 1.5.13, 1.6.0 - 1.6.8
Description
Pivotal Cloud Foundry Ops Manager web authentication uses a weak authentication scheme that can be compromised by a remote user. Session information is stored in a cookie that is encrypted with a key shared between installations of Ops Manager.
Mitigation
Pivotal Ops Manager users should follow the appropriate mitigation below:
- Upgrade to Ops Manager 1.6.9 or a later version of 1.6.x
- Upgrade to Ops Manager 1.5.14 or a later version of 1.5.x
Credit
Andrew Cantino