CVE-2016-5709

Published: Jun 24, 2016Modified: May 6, 2026

4.7

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.

Affected (1)

Products: Solarwinds: Virtualization Manager

Solarwinds

1 product

Virtualization Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Solarwinds Virtualization Manager	Up to 6.3.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://packetstormsecurity.com/files/137525/Solarwinds-Virtualization-Manager-6.3.1-Weak-Crypto.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2016/Jun/38

Source: cve@mitre.org

http://packetstormsecurity.com/files/137525/Solarwinds-Virtualization-Manager-6.3.1-Weak-Crypto.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2016/Jun/38

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.