The Quest team received a report from CRITICALSTART regarding the following possible vulnerabilities in the KACE Systems Management Appliance (SMA):
K1-30592 - Default Password for FTP access
K1-30593 - Default Password for MySQL access
K1-30594 - Rate limit can be bypassed on API login attempts
K1-30595 - Static symmetric encryption key is not unique per appliance
K1-30596 - API is not constrained by console ACL restrictions
Quest takes the handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here.