Vulnerability Note VU#912036
N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password
SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined.
CWE-547: Use of Hard-coded, Security-relevant Constants
N-Able N-Central's RSM service stores the N-Able domain administrator account password in an encrypted (AES128) format. According to the reporter, however, the encrypted password is accessible by any authenticated local or remote user from within from the RSM web page source. The credentials are also available in an encrypted format via local RSM configuration files accessible by any local user with rights to browse program files. The encryption keys as well as other parameters needed for decryption are hard-coded and may be extracted from the N-Able RSM software stored on the local users system. An attacker can use this information to decrypt and obtain the domain administrator password used by the N-Able software.
According to the reporter, a remote attacker with domain user credentials or access to RSM files on an installed system can obtain domain administrator access.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|SOLARWINDS||Affected||05 Jun 2015||01 Jul 2015|
CVSS Metrics (Learn More)
Thanks to Gary Blosser for reporting this vulnerability to us.
This document was written by Garret Wassermann.
- CVE IDs: Unknown
- Date Public: 20 Jul 2015
- Date First Published: 20 Jul 2015
- Date Last Updated: 20 Jul 2015
- Document Revision: 43
If you have feedback, comments, or additional information about this vulnerability, please send us email.