cve/2015/CVE-2015-0922.md

### [CVE-2015-0922](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0922)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.

### POC

#### Reference
- http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html
- http://seclists.org/fulldisclosure/2015/Jan/8
- https://kc.mcafee.com/corporate/index?page=content&id=SB10095

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2015-0922](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0922)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html`
			`- http://seclists.org/fulldisclosure/2015/Jan/8`
			`- https://kc.mcafee.com/corporate/index?page=content&id=SB10095`

			`#### Github`
			`No PoCs found on GitHub currently.`