Description
In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.
References
- Mailing List, Third Party Advisory
- Mailing List, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 20180910
cpe:2.3:a:solarwinds:sftp\/scp_server:*:*:*:*:*:*:*:*
EPSS: 0.00347 (Low), percentile: 57%
CVSS3: 9.8 Critical
CVSS2: 5 Medium
Weaknesses
CWE-522
Related vulnerabilities
CVSS3: 9.8
github
about 3 years ago
In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.