Default credentials

2022-03-2315:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.4%

JSON

A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user’s password. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged in user.

CPENameOperatorVersion
epolicy_orchestratoreq5.10.0 update-1
epolicy_orchestratoreq5.10.0 update-2
epolicy_orchestratoreq5.10.0 update-3
epolicy_orchestratoreq5.10.0 update-4
epolicy_orchestratoreq5.10.0 update-5
epolicy_orchestratoreq5.10.0 update-6
epolicy_orchestratoreq5.10.0
epolicy_orchestratorlt5.10.0
epolicy_orchestratoreq5.10.0 update-7
epolicy_orchestratoreq5.10.0 update-8

Name	Operator	Version
epolicy_orchestrator	eq	5.10.0 update-1
epolicy_orchestrator	eq	5.10.0 update-2
epolicy_orchestrator	eq	5.10.0 update-3
epolicy_orchestrator	eq	5.10.0 update-4
epolicy_orchestrator	eq	5.10.0 update-5
epolicy_orchestrator	eq	5.10.0 update-6
epolicy_orchestrator	eq	5.10.0
epolicy_orchestrator	lt	5.10.0
epolicy_orchestrator	eq	5.10.0 update-7
epolicy_orchestrator	eq	5.10.0 update-8