Virtualization Manager
CVE-2016-5709
MEDIUM
Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.
AnalysisAI
SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute. Rated medium severity (CVSS 4.7). No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack. Affected products include: Solarwinds Virtualization Manager.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Virtualization Manager
View allSystems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres
The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary comm
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. Rated critical severity (CVSS 9.1), this vu
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-r
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) becaus
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. Rat
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potenti
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. Rat
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contigu
Sensitive passwords used in deployment and configuration of oVirt Metrics, all versions. Rated medium severity (CVSS 5.5
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today