CVE-2015-0922
McAfee ePolicy Orchestrator < 4.6.9 and 5.x < 5.1.2 - Authenticated Credential Exposure via Shared Secret Key
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-0922.
Includes Metasploit module auxiliary/gather/mcafee_epo_xxe.
AI-analyzed exploit summary: This Metasploit module exploits an authenticated XXE vulnerability in McAfee ePolicy Orchestrator to read the keystore.properties file, which contains an encrypted password decryptable with a static key. The exploit requires valid credentials and leverages weak encryption (AES-128-ECB) to recover the database 'sa' user password.
Description
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.