McAfee Security Information and Event Management 9.3.x < 22.214.171.124 / 9.4.x < 126.96.36.199 / 9.5.x < 188.8.131.52 Authentication Bypass (SB10137)
High Nessus Plugin ID 90424
SynopsisThe remote device is affected by an authentication bypass vulnerability.
DescriptionAccording to its self-reported version, the McAfee Security Information and Event Management (SIEM) application installed on the remote host is 9.3.x prior to 184.108.40.206, 9.4.x prior to 220.127.116.11, or 9.5.x prior to 18.104.22.168. It is therefore, affected by an authentication bypass vulnerability in the Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) components due to improper sanitization of usernames. This vulnerability occurs when these components are configured to use Active Directory or LDAP as authentication sources. A remote attacker can exploit this issue, via a specially crafted username, to log on to the system using any password.
SolutionUpgrade to the relevant fixed version according to the McAfee advisory.