CVE-2012-5930

Microfocus Privileged User Manager - Authentication Bypass

Title source: rule

Description

The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.

Exploits (1)

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/22737

View Code ZIP pw:eip

References (4)

[Various Sources] http://download.novell.com/Download?buildid=K6-PmbPjduA~

[Exploit] http://retrogod.altervista.org/9sg_novell_netiq_i.htm

[Exploit] http://retrogod.altervista.org/9sg_novell_netiq_i_adv.htm

[Vendor Advisory] https://www.netiq.com/support/kb/doc.php?id=7011385

Scores

EPSS 0.0454

EPSS Percentile 89.2%

Details

CWE

CWE-287

Status published

Products (2)

microfocus/privileged_user_manager 2.3.0

microfocus/privileged_user_manager 2.3.1

Published Dec 24, 2012

Tracked Since Feb 18, 2026