CVE-2014-9576

2022-10-0316:20:39

mitre

www.cve.org

vdg security sense

hardcoded password

vulnerability

remote attackers

access

postgres account

ntp windows user accounts

6.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access.

References

packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html

seclists.org/fulldisclosure/2014/Dec/76

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt