Weak Encryption of Passwords in SolarWinds Virtualization Manager 6.3.1 and Earlier

Weak Encryption of Passwords in SolarWinds Virtualization Manager 6.3.1 and Earlier

CVE-2016-5709 · LOW Severity

AV:L/AC:M/AU:N/C:P/I:N/A:N

SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.

Learn more about our User Device Pen Test.