PT-2017-16239 · Emc · Emc Esrs Policy Manager

Travis Emmert

Published

2017-07-09

Updated

2019-10-03

CVE-2017-4976

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions EMC ESRS Policy Manager versions prior to 6.8

Description The issue concerns an undocumented account, specifically the OpenDS admin, which has a default password. This allows a remote attacker who knows the default password to log in and gain administrator privileges to the local LDAP directory server.

Recommendations For versions prior to 6.8, change the default password of the OpenDS admin account to prevent unauthorized access. As a temporary workaround, consider restricting access to the LDAP directory server until the default password is changed.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2017-4976

Affected Products

Emc Esrs Policy Manager

PT-2017-16239 · Emc · Emc Esrs Policy Manager

CVE-2017-4976

Weakness Enumeration

Related Identifiers

Affected Products

References · 4