The Quest team received a report from CRITICALSTART regarding possible vulnerabilities involving the KACE Systems Management Appliance (SMA) below:
K1-30592 - Default Password for FTP access
K1-30593 - Default Password for MySQL access
K1-30594 - Rate limit can be bypassed on API login attempts
K1-30595 - Static symmetric encryption key is not unique per appliance
K1-30596 - API is not constrained by console ACL restrictions
Quest takes the handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here.
Sie müssen sich anmelden und über einen gültigen Servicevertrag verfügen, um auf Premium-Wissensartikel zugreifen zu zu dürfen.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Nutzungsbedingungen Datenschutz Cookie Preference Center