all InfoSec news
VU#142546: SMA Technologies OpCon UNIX agent adds the same SSH key to all installations
June 21, 2022, 4:38 p.m. |
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An attacker with access to the private key can gain root access on affected systems.
Description
During OpCon UNIX agent installation and updates, an SSH public key is added to the root account's authorized_keys file. The corresponding private key titled sma_id_rsa is included with the installation files and is not encrypted with a passphrase. Removal of the OpCon software does not remove the …
More from kb.cert.org / CERT Recently Published Vulnerability Notes
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Systems Security Officer (ISSO) (Remote within HR Virginia area)
@ OneZero Solutions | Portsmouth, VA, USA
Security Analyst
@ UNDP | Tripoli (LBY), Libya
Senior Incident Response Consultant
@ Google | United Kingdom
Product Manager II, Threat Intelligence, Google Cloud
@ Google | Austin, TX, USA; Reston, VA, USA
Cloud Security Analyst
@ Cloud Peritus | Bengaluru, India