CVE-2016-1560
N/A
N/A
Summary
ExaGrid appliances with firmware before 4.8 P26 have a default password of (1) inflection for the root shell account and (2) support for the support account in the web interface, which allows remote attackers to obtain administrative access via an SSH or HTTP session.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Password.html
- https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials
- http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey
References
- http://packetstormsecurity.com/files/136634/ExaGrid-Known-SSH-Key-Default-Password.html
- https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials
- http://www.rapid7.com/db/modules/exploit/linux/ssh/exagrid_known_privkey
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.