CVE-2015-0922

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator
Vendor: CVE Published:; 9 January 2015

Summary

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.

References

http://www.securityfocus.com/bid/72298

vdb-entryx_refsource_BID

http://seclists.org/fulldisclosure/2015/Jan/37

mailing-listx_refsource_FULLDISC

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 9, 2015
Vulnerability Reserved
Jan 9, 2015