Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
network
low complexity
bmc
CWE-255
critical
exploit available
Published: 2018-01-30
Updated: 2018-02-26
Summary
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments.
Vulnerable Configurations
Part | Description | Count |
Application | Bmc | 5 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | BMC Track-It! 11.4 - Multiple Vulnerabilities. CVE-2016-6598,CVE-2016-6599. Webapps exploit for Windows platform |
id | EDB-ID:43883 |
last seen | 2018-01-25 |
modified | 2015-09-28 |
published | 2015-09-28 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43883/ |
title | BMC Track-It! 11.4 - Multiple Vulnerabilities |