VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access.
References
Configurations
History
21 Nov 2024, 02:21
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html - Exploit | |
References | () http://seclists.org/fulldisclosure/2014/Dec/76 - Exploit | |
References | () https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt - Exploit |
Information
Published : 2015-01-08 15:59
Updated : 2024-11-21 02:21
NVD link : CVE-2014-9576
Mitre link : CVE-2014-9576
CVE.ORG link : CVE-2014-9576
JSON object : View
Products Affected
vdgsecurity
- vdg_sense
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor