Arbitrary Access Key and Signing Certificate Modification Vulnerability in HP Helion Eucalyptus

Arbitrary Access Key and Signing Certificate Modification Vulnerability in HP Helion Eucalyptus

CVE-2014-5040 · MEDIUM Severity

AV:N/AC:H/AU:S/C:P/I:P/A:P

HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID.

Learn more about our User Device Pen Test.