PT-2020-16132 · Solarwinds · Solarwinds N-Central

Fabian Ullrich · Published 2020-12-16 · Updated 2020-12-21 · CVE-2020-25620

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SolarWinds N-Central version 12.3.0.670

Description

An issue was discovered in SolarWinds N-Central where hard-coded credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These credentials allow logins to the N-Central Administrative Console and/or the regular web interface.

Recommendations

For SolarWinds N-Central version 12.3.0.670, consider changing the default credentials for the support@n-able.com and nableadmin@n-able.com user accounts to prevent unauthorized access. As a temporary workaround, restrict access to the N-Central Administrative Console and the regular web interface until the issue is resolved.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-25620

Affected Products

Solarwinds N-Central