Tag moab

Advisories

Moab Authentication Bypass (CVE-2014-5300)

It is possible to bypass authentication within Moab in order to impersonate and run commands/operations as arbitrary users. The issue is believed to affect all versions of Moab prior to versions 7.2.9 and Moab 8.

John
2014-09-25

Advisories

Moab Authentication Bypass (insecure message signing) : (CVE-2014-5376)

Moab provides two methods to authenticate messages sent by users (e.g. job submissions). The default scheme which is widely used is insecure and can be circumvented in order to impersonate other users and perform operations on their behalf.

John
2014-09-25