[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] [Full Disclosure] CVE-2024-22902: Default Root Credentials in Vinchin Backup & Recovery v7.2 an
From: Valentin Lobstein via Fulldisclosure <fulldisclosure () seclists ! org>
Date: 2024-01-25 19:22:25
Message-ID: e3rFkN3F8gFJvxU547oCY8R7edlmNnPwiZQ8Jw6LGQA_vchxrwftp5_SdecGL5JNznQi7aSSSqcVZBjfamYdyiUfHJOjSUrEC_unhVp_vQM= () protonmail ! com
[Download RAW message or body]
CVE ID: CVE-2024-22902
Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2
Suggested Description:
Vinchin Backup & Recovery version 7.2 has been identified as being configured with default root \
credentials, posing a significant security vulnerability.
Additional Information:
There is no documentation or guidance from Vinchin on changing the root password for this \
version. The use of password authentication as root is possible, leading to potential \
unauthorized access.
Vulnerability Type:
Incorrect Access Control
Vendor of Product:
Vinchin
Affected Product Code Base:
Vinchin - Version 7.2
Attack Type:
Remote
Impact - Escalation of Privileges:
True
Attack Vectors:
This security flaw can be exploited through both local and remote access using the default root \
credentials provided in the software.
Discoverer:
Valentin Lobstein
References:
- http://vinchin.com
Conclusion:
The existence of default root credentials in Vinchin Backup & Recovery v7.2 (CVE-2024-22902) is \
a serious security oversight. Users of this software version should be aware of the risks and \
stay alert for any updates or security patches from Vinchin. Immediate action should be taken \
to change these credentials to prevent unauthorized access.
Signed,Valentin Lobstein
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic