CVE-2015-5610
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.
Vulnerabilidad en el servicio RSM (también conocido como RSMWinService) en SolarWinds N-Able N-Central anterior a 9.5.1.4514 utiliza la misma clave de descifrado de contraseña a través de la instalación a diferentes clientes, lo que hace más fácil para usuarios remotos autenticados obtener la contraseña dominio-administrador en texto plano por medio de localizar la contraseña cifrada con código fuente HTML y así aprovechar el conocimiento de la clave desde otra instalación.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-07-21 CVE Reserved
- 2015-07-21 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/912036 | Third Party Advisory |
|
| http://www.securityfocus.com/bid/75969 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Solarwinds Search vendor "Solarwinds" | N-able N-central Search vendor "Solarwinds" for product "N-able N-central" | <= 9.5 Search vendor "Solarwinds" for product "N-able N-central" and version " <= 9.5" | sp1 |
Affected
| ||||||