POSIM EVO for Windows Vulnerability | VerSprite Research Advisory


POSIM EVO for Windows

Use of Hard-Coded Database Credentials

CVE ID

CVE-2018-15808

VENDOR

POSIM, LLC

PRODUCT

POSIM EVO for Windows

Product version

15.13

Vulnerability Details

POSIM EVO for Windows includes a file named "Juniper.jar" that contains files with hard-coded database credentials for the "root" user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability, or allow attackers to remotely execute code on associated POSIM EVO clients.

Vendor response

POSIM has not remediated the vulnerability.

Disclosure timeline

02-27-2018 - Disclosed to Vendor
02-28-2018 - Disclosures forwarded to development
03-27-2018 - Development still working on both issues
06-03-2018 - Publicly disclosed at BSides ATL
