Use of Hard-Coded Database Credentials
POSIM EVO for Windows
POSIM EVO for Windows includes a file named "Juniper.jar" that contains files with hard-coded database credentials for the "root" user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availability, or allow attackers to remotely execute code on associated POSIM EVO clients.
POSIM has not remediated the vulnerability.
02-27-2018 - Disclosed to Vendor
02-28-2018 - Disclosures forwarded to development
03-27-2018 - Development still working on both issues
06-03-2018 - Publicly disclosed at BSides ATL
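
One way to audit a JAR for this class of flaw, as an added example that is not part of the original advisory or the vendor's code: the script scans every entry of an archive for credential-like strings and reports only the entry name and the rule that fired. The regex rules, entry names and sample values are assumptions constructed for illustration and do not reflect the contents of Juniper.jar.

```python
import io
import re
import zipfile

# Heuristic rules chosen for this example; tune them for your own code base.
PATTERNS = {
    "jdbc-url-with-password": re.compile(rb"jdbc:[a-z0-9]+://[^\s\"']*password=[^\s\"'&]+", re.I),
    "password-assignment": re.compile(rb"(?:password|passwd|pwd)\s*[=:]\s*[^\s\"']+", re.I),
    "root-user-assignment": re.compile(rb"(?:user(?:name)?)\s*[=:]\s*root\b", re.I),
}

def scan_jar(jar_bytes, max_entry_size=16 * 1024 * 1024):
    """Return sorted (entry name, rule) pairs for credential-like strings in a JAR."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir() or info.file_size > max_entry_size:
                continue  # skip directories and oversized entries
            data = jar.read(info)
            for rule, pattern in PATTERNS.items():
                if pattern.search(data):
                    # Record the location only; never echo the secret itself.
                    findings.add((info.filename, rule))
    return sorted(findings)

def build_sample_jar():
    """Constructed sample archive; entry names and values are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("config/db.properties", "db.user=root\ndb.password=EXAMPLE-ONLY\n")
        # Stand-in for a compiled class: string constants sit as plain bytes.
        jar.writestr("app/Db.class", b"\xca\xfe\xba\xbe\x00\x00\x00\x34"
                     b"jdbc:exampledb://localhost/pos?user=root&password=EXAMPLE-ONLY\x00")
        jar.writestr("app/Util.class", b"\xca\xfe\xba\xbe\x00\x00\x00\x34no secrets")
    return buf.getvalue()

if __name__ == "__main__":
    for name, rule in scan_jar(build_sample_jar()):
        print(f"{name}: {rule}")
```

Any hit is a reason to move the credential out of the shipped artifact and rotate it, since everyone who has the JAR has the secret.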
Offensive Minded Security Exploit Development