CVE-2016-5709

MEDIUM

SolarWinds Virtualization Manager <6.3.1 - Info Disclosure

Title source: llm

Description

SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/shadow, which allows local users with superuser privileges to obtain user passwords via a brute force attack.

References (2)

[Mailing List] http://seclists.org/fulldisclosure/2016/Jun/38

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/137525/Solarwinds-Virtualization-Manager-6.3.1-Weak-Crypto.html

Scores

CVSS v3 4.7

EPSS 0.0025

EPSS Percentile 47.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (1)

solarwinds/virtualization_manager < 6.3.1

Timeline

Published Jun 24, 2016

Tracked Since Feb 18, 2026