QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2015-5610

Back to search

CVE-2015-5610

Published: Jul 21, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.

VendorProductVersions

n/a

n/a

affected
n/a

References

VU#912036
third-party-advisory
x_refsource_CERT-VN
75969
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now