SUSE-SU-2013:0053

http://support.novell.com/security/cve/CVE-2012-0435.html

VU#806908

https://bugzilla.novell.com/show_bug.cgi?id=792712

The WebYaST web client hosted on the remote web server is vulnerable to a man-in-the-middle attack.  Authentication is not required to modify which hosts the WebYaST web client is configured to connect to.  A remote, unauthenticated attacker could exploit this by causing all WebYaST traffic to be routed through a host under their control.  This could result in the disclosure of sensitive information (e.g., usernames and passwords) and could allow an attacker to modify requests in transit.

CVE-2012-0435

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

medium