CVE-2015-0922

Published: Jan 9, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

72298

vdb-entry

x_refsource_BID

20150112 Re: McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure

mailing-list

x_refsource_FULLDISC

https://kc.mcafee.com/corporate/index?page=content&id=SB10095

x_refsource_CONFIRM

http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html

x_refsource_MISC

20150106 McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure

mailing-list

x_refsource_FULLDISC

macafee-cve20150922-info-disc(99949)

vdb-entry

x_refsource_XF

1031519

vdb-entry

x_refsource_SECTRACK

https://gist.github.com/brandonprry/692e553975bf29aeaf2c

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-0922

Description

Affected Products

References