Sql injection

2016-06-2417:59:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.

CPENameOperatorVersion
virtualization_managerle6.3.1

CPE	Name	Operator	Version
	virtualization_manager	le	6.3.1

References

packetstormsecurity.com/files/137525/Solarwinds-Virtualization-Manager-6.3.1-Weak-Crypto.html

seclists.org/fulldisclosure/2016/Jun/38