Credential Exposure in McAfee ePolicy Orchestrator
CVE-2015-0922

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator
Vendor: CVE Published:; 9 January 2015

Summary

A vulnerability exists in McAfee ePolicy Orchestrator prior to version 4.6.9 and version 5.1.2 that utilizes the same secret key across different customer installations. This design flaw allows attackers to potentially retrieve the administrator password through knowledge of the encrypted password, leading to unauthorized access and administrative control.

References

http://www.securityfocus.com/bid/72298

vdb-entryx_refsource_BID

http://seclists.org/fulldisclosure/2015/Jan/37

mailing-listx_refsource_FULLDISC

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

EPSS Score

45% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 9, 2015
Vulnerability Reserved
Jan 9, 2015