CVE-2016-6599

Name of the Vulnerable Software and Affected Versions BMC Track-It! versions prior to 11.4 Hotfix 3

Description The issue exposes an unauthenticated .NET remoting configuration service on port 9010, specifically the ConfigurationService. This service has a method that can be used to retrieve a configuration file containing sensitive information such as the application database name, username, password, and the domain administrator username and password. The sensitive information is encrypted using the DES algorithm with a fixed key and IV ("NumaraIT"). The domain administrator credentials can be obtained if the Self-Service component is enabled, a common setup in enterprise environments.

Recommendations For versions prior to 11.4 Hotfix 3, apply Hotfix 3 to resolve the issue. As a temporary workaround, consider disabling the ConfigurationService on port 9010 until the hotfix is applied. Restrict access to the ConfigurationService to minimize the risk of exploitation. Avoid using the fixed key and IV ("NumaraIT") for encryption until the issue is resolved.