ManageEngine Password Manager Pro Database Remote Unauthorized Access Vulnerability
BID:23693
Info
| Bugtraq ID: | 23693 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 27 2007 12:00AM |
| Updated: | May 08 2007 05:29PM |
| Credit: | An anonymous security researcher is credited with the discovery of this vulnerability. |
| Vulnerable: | ManageEngine PasswordManager Pro Build 5401 |
| Not Vulnerable: | ManageEngine PasswordManager Pro Build 5402 |
Discussion
ManageEngine Password Manager Pro is prone to a remote unauthorized-access vulnerability due to a design error.
An attacker may leverage this issue to gain unauthorized access to the application's database with administrative privileges. Successful exploits will result in a complete compromise of vulnerable applications and may aid in further attacks.
ManageEngine Password Manager Pro Free edition is vulnerable; other versions may also be affected.
Exploit / POC
An attacker may exploit this issue by submitting the following connection request:
$ mysql -h example.com --port 2345 -u root
Solution / Fix
Solution:
The vendor released product build version 4502 and a patch to address this issue. Please see the references for more information.
ManageEngine PasswordManager Pro Build 5401
- ManageEngine Upgrade Pack 4500 to 4502
  http://download.adventnet.com/products/passwordmanagerpro/8621641/ManageEngine_PasswordManager_Pro_4_0_0_SP-0_0_2.ppm
- ManageEngine Build 4502
  http://manageengine.adventnet.com/products/passwordmanagerpro/download.html
References
References:
- Instructions to apply the Upgrade Pack (ManageEngine)
- ManageEngine PasswordManager Pro Homepage (ManageEngine)