McAfee Security Manager lets anybody bypass managers' security

'Specially crafted username' opens the keys to the kingdom of FAIL

16 Reg comments Got Tips?

McAfee's Enterprise Security Manager (ESM) needs patching, as smartly as you can manage, due to an administrator-level authentication bypass.

The advisory here says “a specially crafted username” can get past the Security Information & Event Management logins without authentication, and without a password, “if the ESM is configured to use Active Directory or LDAP”.

That gives the attacker access to NGCP – the default username created at first installation – without checking the password assigned to NGCP when it was created.

Designated CVE-2015-8024, the bug covers “McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username 'NGCP|NGCP|NGCP;' and any password”, the advisory states.

If you can't update the software immediately, the workaround is to disable all Active Directory and LDAP authentication sources in the Enterprise Security Manager.

Better, however, if you follow the update link provided in the advisory. ®

Biting the hand that feeds IT © 1998–2020