CVE-2015-5610
SolarWinds N-Able N-Central <9.5.1.4514 - Privilege Escalation
Title source: llmDescription
The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/912036
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75969
Scores
EPSS
0.0047
EPSS Percentile
64.8%
Details
CWE
CWE-200
Status
published
Products (1)
solarwinds/n-able_n-central
< 9.5
Published
Jul 21, 2015
Tracked Since
Feb 18, 2026