[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
assignment question
- To: "cve-editorial-board-list@lists.mitre.org" <cve-editorial-board-list@LISTS.MITRE.ORG>
- Subject: assignment question
- From: Art Manion <amanion@cert.org>
- Date: Tue, 11 Dec 2018 19:42:27 -0500
- Authentication-results: spf=neutral (sender IP is 198.49.146.235) smtp.mailfrom=cert.org; LISTS.MITRE.ORG; dkim=test (signature was verified) header.d=cert.org;LISTS.MITRE.ORG; dmarc=pass action=none header.from=cert.org;
- Autocrypt: addr=amanion@cert.org; keydata= xsFNBFoV8GMBEACXd7zH23Gx/W77Gr3Hs+n+BTtEt7IP0jU26vM9i4ASGewrIFZaRIOgL964 xX7Qk1wvxLl8HvUomLNHsJIZYG4EKcNkEfREO7lTx/3nYhG3wjF0DcHYuLwUkwAS3N6p9PQ7 bvEsXZMbfG0L8ASgRy0h4dWg+XGV4xT64REsIlzSsclVaHKTvP7FAMCDG70L/2wc+w24RAzs TYhfxLp4w8TBaVj/pONm+EDGVtK5u4LPLpLS0xmlGxgKP9mYSYAF3j44msAsbsuFPfWTa8JU s9yASol4pMECH24Cp3snHlSNHMl1APfVz3Xsfw5x/mekgCAPcGCARhA9ltRHLYgVMr1JCYZW JdyUB0UEiY0xvlb5JYfCFJm4fL8E2xoW/ATmDIxkU0qguL55AD2VYEwbWEsiP725YMSKBDaC cGH9fa2iuSxnflui6wR4K+FOjXfB2nF561q+HjlRb6bahdkYzWccX4fx3dSlZ6w62qRFNKAE 5zUfe2ZHwis9Bx9iqIp7Ini/sZ3ESJgMr7qlSSkYl10Esdl5CyFyxQ5g/LgzOlywdHazju13 /ckVBPo5vz9ZPOmafiUDSz6R/kbC0+nCrJSjIBvDfBWG7Gl2gon4HqB4Ji6r3+gFEFFJl+O/ PwID6Wh0jAjTQWvD+5L/vFTZ3/875Q2OcoxL9Hh4ls5ptg+7uwARAQABzR1BcnQgTWFuaW9u IDxhbWFuaW9uQGNlcnQub3JnPsLBkQQTAQgAOwIbAwIeAQIXgAULCQgHAwUVCgkICwUWAgMB ABYhBBHNrv2hhwlGumhcAVNt4uTRu2rfBQJaFmXUAhkBAAoJEFNt4uTRu2rfY1IP/j8cjh38 B0mnEo0Lk27r/mYRQhj2Yk/ClsAuPWea56BGAswtW2Q6g6DswcinjvTxrycSqAfpj2ZQP9Rx Ib/FsfozF5bC7Ja5/W4amH1NcTr/cE+sgKX3XZcRlOIrw2d0jmS1SAtDWPWn4zTYKoR7cbDz BAAABLb8/xQn7YFgf8nKQ4ZM0yOTUOnF7wG42UU0Y0ww3b+x2/ZMys0ntpz4ZSOgVJlun2xP WgFzkHu/fEJkVTPkZQweRULIGeFJBzuJP46+FMy6PJFZ/ZudzLy/VBMVAxA/yOszLbRvsl6z 3prRMgI+fJF/11ohRVQ5DWzS4AmfnI9RP6aOlUgEi4MYMcbYKrYGwguhGOpdg5iaO6ir4mhd OMcKLeV0ZqSef0ZpXTLQiTzWuFg9ECof5OCK/Y2VQ2EXyWIi7q4OPTFFoZBl2keoF6j0k272 PCYfJZIzq/ER9mfoH1+7nmIxvZ+XXQ6EoCCPv6le8VKQyZOFVgjD5rPvCeGZgAs9CRbfqYNm bF3jqeMk4kZbJ/+GsKv66M4R0VI2DijOLNF1kGXeU6s45lUBZmcT0Fb2MQ78rNItpeUP+XYj fpB0g/woOIstbSoOqpVZf++HIjnmMHj9jJrbFcMVIPac89EDcjbab3zPTMb5LHdk6AxMsWRM QqxofqoqqzNI7RiKisaDQhINXRwAzsBNBFoV8roBCADZKC4LLl6XhVvHCZZIwa9t2e+swdln YRtxwG1TDRxM1PaV7VDzB9K1FMRDC9CQQmiwI+Vl2j0Kn3BUvkCp3zmP+S7CRgK2vfP1GBAs CURE6j6M7S47qOhQvAvJK0qlF14tCBSX16CceGFV0XzfOUnQGt6m8AnVTr7WODilYsJPWUrj xLe3cKQJs7zk3iMLH1lJ7jNXlAQUgrTurVD7sl6PbKgbmDw3tIgXwep7tMOUzpiN4vCPALA+ WYL+0VxE03TZj/FqNzNrjoKXw+X3za675QnLsXww2cgLBV0Zjg3HZVDT5/0LlQjYqPnaWh3s ZG8uRJ104Thx1JVFLN4+8aDrABEBAAHCwXwEGAEIACYWIQQRza79oYcJRrpoXAFTbeLk0btq 3wUCWhXyugIbDAUJBaOagAAKCRBTbeLk0btq3zHYD/4vvS0lul3UKWGeRsVb33Y3eJ1yv4O3 EpBtmkVgCyxdG3zj8YrI15DCzhn6LSN3FqjV+wovE3SsxIrRjn7eoBA6SH54KlFRrW7pAARc NQaHFU+nX6ST6X3pOoNYzhXPZjkxoUpxyC+ehNARx+3tlQ0LScEr0L5Ttvr8W7nopWaXeuCt VI+8tjDnsCtWLaI2bYi3TYWDJdgWzNFSGYioqIxvQHIpokFZAx6fTKtEYaAqqg2cefRDgNoU bMcHmNtVMAXThLdNAx23F/sv2gV9a612ktCwl6hjKu1vuK4KGnhQu1T/oRk5EUA8jy5yBB6/ S5jwYbZR01EriZXSTXwT/gJcThBIXH8i9/4lUwdhV8+iBP/Pomhs8D7dPU7q1fUYlvVxn8iN K7IFoWdptGv+bhdNsf/qWGxVxOHwTAipr73Fl3eC5RovVM2aAK2Bx6xQFXlh4uPcI/S0gIPG tytClYZxtbXKM3qVhUTZgg1Ge6MgtgJkKWttzRciW0N9t5pZ/IbH7ax0NUv2hjHovGBXhuQb cVAEgmx90iyx9iRizCpgr3JyDNtKX+bc26aGI+mFOdiawp2HihhSazqiEpuNrxlQVWgMgmXa RduAg8L9z2CshZ6Zkcmwea79r8yDsBbwfJEZ71T0WWyfm1UcRVflPFAYb9xE8Ulgh8BQzw// z7Y5Lw==
- Delivery-date: Wed Dec 12 07:40:28 2018
- Dkim-filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu wBC0gWlv012053
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1544575352; bh=wtHEXbolbx6+V5pKjl9Gxd2U41yj9D87xW9I5NsZTXo=; h=To:From:Subject:Date:From; b=WeEAr8+SW4/LgExXGuo6qtoW4QPXrOMc69dNL9YdRcTjzA+xxERIMPtfNfz405InU +oUQgeFhxu6q3YysdaSBFW3WdYAiJR2RhbAsUCbzNPYASs2H+5BJ9Q6XnTlIm+E7WI Pt+ui6mBzrhYcZaJUUqwDY4J7btvJG0bbmXvMDGk=
- Openpgp: preference=signencrypt
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
There is some software, part of the installation is a web
server/application. On initial install, the web application is
configured with a default password. Upon first login, the user is
required to change the password, create new accounts(s), along with
other first-time setup configuration activities.
IOW, if I obtain and install this software and walk away before
completing the first-time setup, I've left myself exposed.
This is *barely* a vulnerability in my book, assuming there are
sufficient warnings and documentation informing the user about the need
to run the first-time setup.
CVE or no CVE?
Thanks,
- Art
My answer is a weak "yes" with as low a severity/priority as possible.