Use of Hard-Coded Database Credentials
CVE ID
CVE-2018-15808
VENDOR
POSIM, LLC
PRODUCT
POSIM EVO for Windows
Product version
15.13
Vulnerability Details
POSIM EVO for Windows includes a file named "Juniper.jar" that contains files with hard-coded database credentials for the "root" user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability, or allow attackers to remotely execute code on associated POSIM EVO clients.
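A release-pipeline check for the class of flaw described above, as an added example (not POSIM's code and not part of the original advisory): it scans every entry of a JAR for literal database passwords and `root` logins. The rule set, entry names and sample archive are constructed assumptions; the contents of Juniper.jar are not reproduced here.

```python
import io
import re
import zipfile

# Heuristic rules, chosen for this example (not exhaustive). Group 1 is the value.
RULES = {
    # password=<literal> in .properties, XML, or a string inside a .class file
    "password-literal": re.compile(
        rb"(?i)(?:password|passwd|pwd)[\"']?\s*[=:]\s*[\"']?([^\s\"'&;<>]+)"),
    # application logs in to the database as the administrative account
    "root-db-user": re.compile(
        rb"(?i)user(?:name)?[\"']?\s*[=:]\s*[\"']?(root)\b"),
}
# Values resolved at deploy time (${DB_PASSWORD}, %DB_PASSWORD%) are not secrets.
PLACEHOLDER = re.compile(rb"\$\{[^}]*\}|%[^%]*%")


def scan_jar(jar_bytes):
    """Return sorted (entry, rule) pairs. Matched values are never returned."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            data = jar.read(info)  # scanned as raw bytes, text or binary alike
            for rule, pattern in RULES.items():
                for match in pattern.finditer(data):
                    if not PLACEHOLDER.fullmatch(match.group(1)):
                        findings.add((info.filename, rule))
    return sorted(findings)


def build_sample_jar():
    """Constructed archive: a properties file, a fake .class, and a template."""
    jdbc = b"jdbc:mysql://db.example.invalid/store?user=root&password=Constructed-2"
    entries = {
        "config/db.properties": b"db.user=root\ndb.password=Constructed-1\n",
        "com/example/Db.class": b"\xca\xfe\xba\xbe\x00\x00\x004" + jdbc + b"\x01\x00\x04Code",
        "config/template.properties": b"db.user=${DB_USER}\ndb.password=${DB_PASSWORD}\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            jar.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    for entry, rule in scan_jar(build_sample_jar()):
        print(f"{entry}: {rule}")
```

A non-empty result should fail the build; the template entry passes because its values are placeholders resolved at deployment rather than literals shipped in the archive.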
Vendor response
POSIM has not remediated the vulnerability.
Disclosure timeline
02-27-2018 - Disclosed to Vendor
02-28-2018 - Disclosures forwarded to development
03-27-2018 - Development still working on both issues
06-03-2018 - Publicly disclosed at BSides ATL