PT-2015-3073 · Opennms · Opennms

Justin Kennedy

Published

2015-10-16

Updated

2015-10-19

CVE-2015-7856

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions OpenNMS (affected versions not specified)

Description The issue is related to the use of a default password rtc for the rtc account in the OpenNMS remote monitoring and management system. This allows a remote attacker to gain access to the system by leveraging knowledge of the credentials.

Recommendations For all affected versions, change the default password rtc for the rtc account to a strong and unique password to prevent unauthorized access. As a temporary workaround, consider restricting access to the rtc account until a more secure configuration is implemented.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

BDU:2016-00278

CVE-2015-7856

Affected Products

Opennms

PT-2015-3073 · Opennms · Opennms

CVE-2015-7856

Weakness Enumeration

Related Identifiers

Affected Products

References · 4