Vulnerability Description
Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ndocsoftware | Ndoc | <= 7.4 |
Related Weaknesses (CWE)
References
- https://gist.github.com/emptythevoid/84248daccce8737f1cdd5b395cf6f32c (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2017-15366?
CVE-2017-15366 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client ...
How severe is CVE-2017-15366?
CVE-2017-15366 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-15366?
Check the references section above for vendor advisories and patch information. Affected products include: Ndocsoftware Ndoc.