CVE-2015-5610

Published: Jul 21, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.

Affected (1)

Products: Solarwinds: N Able N Central

1 product

N Able N Central

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds N Able N Central	Up to 9.5

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.kb.cert.org/vuls/id/912036

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/75969

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/912036

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/75969

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.