KL-001-2016-005 : Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Title: Cisco Firepower Threat Management Console Hard-coded MySQL Credentials Advisory ID: KL-001-2016-005 Publication Date: 2016.10.05 Publication URL: http://ift.tt/2dfA8fb 1. Vulnerability Details Affected Vendor: Cisco Affected Product: Firepower Threat Management Console Affected Version: Cisco Fire Linux OS 6.0.1 (build 37/build 1213) Platform: Embedded Linux CWE Classification: CWE-798: Use of Hard-coded Credentials Impact: Authentication Bypass CVE-ID: CVE-2016-6434 2. Vulnerability Description The root account for the local MySQL database has poor password complexity. 3. Technical Description root@firepower:/Volume/6.0.1# mysql -u root --password=admin Warning: Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 23348 Server version: 5.6.24-enterprise-commercial-advanced-log MySQL Enterprise Server - Advanced Edition (Commercial) Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show databases;
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment