CVE-2016-6599 in Track-It!
Summary
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments.
Reservation
08/04/2016
Disclosure
01/30/2018
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 112650 | BMC Track-It! ConfigurationService Credentials credentials management | 255 | Proof-of-Concept | Official fix | CVE-2016-6599 |