CVE-2017-4976

Name of the Vulnerable Software and Affected Versions EMC ESRS Policy Manager versions prior to 6.8

Description The issue concerns an undocumented account, specifically the OpenDS admin, which has a default password. This allows a remote attacker who knows the default password to log in and gain administrator privileges to the local LDAP directory server.

Recommendations For versions prior to 6.8, change the default password of the OpenDS admin account to prevent unauthorized access. As a temporary workaround, consider restricting access to the LDAP directory server until the default password is changed.