CVE-2019-5615 in InsightVM
Summary
by MITRE
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the salt for those passwords. Valid credentials are required to access these files, and malicious users would still need to perform additional work to decrypt the credentials and escalate privileges. This issue affects: Rapid7 InsightVM versions 6.5.11 through 6.5.49.
Analysis
by VulDB Data Team • 08/28/2023
CVE-2019-5615 is an information disclosure flaw in Rapid7 InsightVM versions 6.5.11 through 6.5.49. Inadequate access controls and privilege separation allow users who hold only Site-level permissions to read sensitive credential material: the Security Console's Global Administrator credentials and the passwords used to restore backups. This creates a potential path to privilege escalation and unauthorized system access. Because InsightVM is itself a security tool deployed to protect enterprise environments, the exposure of such information is particularly concerning.
Technically, the flaw is a failure in the authorization framework: Site-level users can access files that hold the username-encrypted passwords of Global Administrators. The same files contain the clear-text passwords used for backup restoration and the cryptographic salt values associated with those passwords. Information of this kind should be restricted to users with appropriate administrative clearance; that it is not reflects poor privilege separation and inadequate file access controls. The weakness maps to CWE-284 (Improper Access Control), specifically inadequate privilege separation and unauthorized information access.
The operational impact goes beyond simple credential exposure, since the flaw creates a multi-stage attack path. Valid credentials are required to reach the vulnerable files in the first place, but once there, the clear-text backup restoration passwords add further attack surface for lateral movement and system compromise. The administrator passwords remain protected by encryption, yet exposure of the salt values potentially enables more effective cracking attempts. The issue aligns with ATT&CK technique T1552.001 (Unsecured Credentials: Credentials In Files) and T1078.004 (Valid Accounts), as it enables both credential access and privilege escalation through the use of legitimate accounts. Exposure of backup restoration passwords particularly threatens disaster recovery scenarios, where an attacker could restore compromised systems with malicious configurations.
Organizations running affected InsightVM versions face substantial risk because the flaw undermines the platform's fundamental security model. Exposure of administrator credentials could lead to complete system compromise, while backup restoration passwords offer a route to persistent access and data manipulation. The impact is amplified by how widely the product is deployed, which could mean exposure across many enterprise environments. Legitimate users with limited permissions should never be able to read such sensitive administrative information, so the issue is a critical failure of the tool's internal access controls. Remediation should include an immediate upgrade to a patched release, additional access controls around the affected files, and comprehensive credential rotation for all Global Administrators. More broadly, the vulnerability underlines the importance of proper privilege separation and access control design in security tools, since the exposed information could let an attacker bypass multiple security layers and maintain persistent access to critical infrastructure.