admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

added CVE-2018-15766

Browse Source
This commit is contained in:
DellEMCProductSecurity 2018-10-11 13:22:51 -04:00
parent e5c444add2
commit 1aaf46fc8b
1 changed files with 79 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2018/15xxx/CVE-2018-15766.json
View File

@ -1,18 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15766",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-10-09T17:59:00.000Z",
"ID": "CVE-2018-15766",
"STATE": "PUBLIC",
"TITLE": "Dell Encryption and Dell Endpoint Security Suite Enterprise Security Policy Overwrite Vulnerability"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Encryption",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "10.0.1 "
}
]
}
},
{
"product_name": "Endpoint Security Suite Enterprise ",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.0.1"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the \"Minimum Password Length\" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device.\n\nThis value is defined during the installation of the \"Encryption Management Agent\" or \"EMAgent\" application. There are no other known values modified."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password Policy Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "For affected devices, the minimum password length policy should be changed manually to what is desired for the current environment.\n\nIf Dell Endpoint Security Suite Enterprise or Dell Encryption Enterprises Encryption Management Agent is installed on a Domain Controller or a device that is not joined to a domain, the default minimum password length will need to be changed on the local device.\nIf Dell Endpoint Security Suite Enterprise or Dell Encryption Enterprises Encryption Management Agent is installed on a device that is joined to a domain, the default minimum password length will need to be changed within the enterprises Group Policy Management console.\nDefault values for this property is 7 in most configurations.\n\nThis Microsoft KB article outlines how to modify this setting:\nhttps://technet.microsoft.com/en-us/library/dd277399.aspx External Link"
}
]
}