Description
McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78130
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10021
Scores
EPSS
0.0018
EPSS Percentile
38.7%
Details
CWE
CWE-264
Status
published
Products (2)
mcafee/enterprise_mobility_manager
< 4.7
mcafee/enterprise_mobility_manager_agent
< 10.0
Published
Aug 22, 2012
Tracked Since
Feb 18, 2026