POSIM EVO for Windows Vulnerability | VerSprite Research Advisory POSIM EVO for Windows Vulnerability | VerSprite Research Advisory

Home  |  Research  |  Resources  |  Advisories  |  POSIM EVO for Windows

POSIM EVO for Windows

Use of Hard-Coded Database Credentials

CVE ID

CVE-2018-15808

VENDOR

POSIM, LLC

PRODUCT

POSIM EVO for Windows

Product version

15.13

Vulnerability Details

POSIM EVO for Windows includes a file named "Juniper.jar" that contains files with hard coded database credentials for the "root" user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, availability or allow for attackers to remotely execute code on associated POSIM EVO clients.

Learn More →

Vendor response

POSIM has not remediated the vulnerability.

Disclosure timeline

02-27-2018 - Disclosed to Vendor
02-28-2018 - Disclosures forwarded to development
03-27-2018 - Development still working on both issues
06-03-2018 - Publicly disclosed at BSides ATL

Domain Spoofing and Phishing Attacks 2

Domain Spoofing and Phishing Attacks

Blog Post

Domain Spoofing and Phishing Attacks

domain spoofing

PCI DDS 4.0

PCI DSS 4.0: What You Need to Know and What You Need to Do

Blog Post

PCI DSS 4.0: What You Need to Know and What You Need to Do

PCI DSS Compliance

Artificial Intelligence

AI and Cybersecurity: Threats and Opportunities

Blog Post

AI and Cybersecurity: Threats and Opportunities

Exploitation of Vulnerabilities

    Back to Advisory Main         Visit Resource Library    

Offensive Minded Security Exploit Development

Learn More

arrow right

We are an international squad of professionals working as one.

logos

Copyright 2021 VerSprite - All Rights Reserved