Hardcoded credentials

2015-01-0815:59:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access.

CPENameOperatorVersion
vdg_senseeq2.3.13

CPE	Name	Operator	Version
	vdg_sense	eq	2.3.13

References

packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html

seclists.org/fulldisclosure/2014/Dec/76

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt