PT-2016-3203 · Openelec+1

Cyclotron3Ko · Published 2016-02-02 · Updated 2016-02-25 · CVE-2016-2230

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OpenELEC (affected versions not specified)
RasPlex (affected versions not specified)

Description

OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access to the device via an SSH session.

Recommendations

For OpenELEC, consider changing the hardcoded root password to a unique and secure password as a temporary workaround. For RasPlex, restrict access to the root account until a more permanent solution is available. As a general mitigation measure, restrict SSH access to only necessary users and consider disabling the root account for SSH access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2017-02483
CVE-2016-2230

Affected Products

Openelec
Rasplex