PT-2015-6045 · Sysaid+1 · Sysaid Help Desk+1
Pedro Ribeiro
·
Publicado
2015-06-08
·
Atualizado
2018-10-09
·
CVE-2015-3001
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SysAid Help Desk versions prior to 15.2
Description
The issue concerns the use of a hardcoded password for the sa SQL Server Express user account. This hardcoded password,
Password1, can be leveraged by remote authenticated users to bypass intended access restrictions.Recommendations
For versions prior to 15.2, update to version 15.2 or later to resolve the issue. As a temporary workaround, consider changing the hardcoded password
Password1 for the sa SQL Server Express user account to a unique and secure password until a patch is applied. Restrict access to the SQL Server Express user account to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sql Server Express
Sysaid Help Desk