David Mayer

**Name of the Vulnerable Software and Affected Versions** Trellix ePolicy Orchestrator (ePO) on Premise versions prior to 5.10 Service Pack 1 Update 2 **Description** A hardcoded credentials issue allows an attacker with admin privileges on the ePO server to read the contents of the `orion.keystore` file, accessing the ePO database encryption key. This is possible due to a hard-coded password for the keystore. The vulnerability is only exploitable if the user is the system admin for the server that ePO is running on. **Recommendations** For versions prior to 5.10 Service Pack 1 Update 2, update to version 5.10 Service Pack 1 Update 2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `orion.keystore` file to minimize the risk of exploitation.