PT-2016-2288 · Solarwinds · Solarwinds Virtualization Manager

Nate Kettlewell · Published 2016-06-24 · Updated 2016-11-30 · CVE-2016-5709

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SolarWinds Virtualization Manager versions 6.3.1 and earlier

Description

The issue exists due to weak encryption used for storing passwords. This allows a local attacker to obtain user passwords using a brute force attack. The estimated number of potentially affected devices is not specified.

Recommendations

For SolarWinds Virtualization Manager versions 6.3.1 and earlier, consider restricting access to the /etc/shadow file to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit local user privileges with superuser access to reduce the potential for brute force attacks on stored passwords.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2016-01677
CVE-2016-5709

Affected Products

Solarwinds Virtualization Manager