Hardcoded credentials

2016-10-0516:59:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.0%

JSON

The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.

CPENameOperatorVersion
fortiwlceq7.100.0
fortiwlceq8.50.0
fortiwlceq8.240.0
fortiwlceq7.91.0
fortiwlceq<= 6.1229
fortiwlceq8.120.0

Name	Operator	Version
fortiwlc	eq	7.100.0
fortiwlc	eq	8.50.0
fortiwlc	eq	8.240.0
fortiwlc	eq	7.91.0
fortiwlc	eq	<= 6.1229
fortiwlc	eq	8.120.0

References

fortiguard.com/advisory/FG-IR-16-029

www.securityfocus.com/bid/93286