mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
893 B
893 B
CVE-2015-0922
Description
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.
POC
Reference
- http://packetstormsecurity.com/files/129827/McAfee-ePolicy-Orchestrator-Authenticated-XXE-Credential-Exposure.html
- http://seclists.org/fulldisclosure/2015/Jan/8
- https://kc.mcafee.com/corporate/index?page=content&id=SB10095
Github
No PoCs found on GitHub currently.