what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Vinchin Backup And Recovery 7.2 Default MySQL Credentials

Vinchin Backup And Recovery 7.2 Default MySQL Credentials
Posted Jan 26, 2024
Authored by Valentin Lobstein

A critical security issue has been discovered in Vinchin Backup and Recovery version 7.2. The software has been found to use default MYSQL credentials, which could lead to significant security risks.

tags | exploit
advisories | CVE-2024-22901
SHA-256 | 5cbb4901365c8c32a2383f8e2b3f381029f1d5fc24795a4103af00a458e5220b

Vinchin Backup And Recovery 7.2 Default MySQL Credentials

Change Mirror Download
CVE ID: CVE-2024-22901

Title: Default MYSQL Credentials Vulnerability in Vinchin Backup & Recovery v7.2

Description:
A critical security issue, identified as CVE-2024-22901, has been discovered in Vinchin Backup & Recovery version 7.2. The software has been found to use default MYSQL credentials, which could lead to significant security risks.

Additional Information:
Vinchin has not addressed previous disclosures, including CVE-2022-35866, and has not patched the reported vulnerabilities. The presence of these unresolved issues, now compounded by the newly discovered vulnerability of default MYSQL credentials, opens up potential avenues for easy unauthenticated Remote Code Execution (RCE). This lack of response is alarming for a product that is certified in cybersecurity and poses a considerable risk to its users.

Vulnerability Type:
Incorrect Access Control

Vendor of Product:
Vinchin

Affected Product Code Base:
Vinchin Backup & Recovery - Version 7.2

Affected Component:
The MySQL database used by Vinchin Backup & Recovery

Attack Type:
Remote

Impact - Escalation of Privileges:
True

Attack Vectors:
The vulnerability can be exploited via local or remote access, utilizing the unpatched default MySQL credentials.

Discoverer:
Valentin Lobstein

Reference:
http://vinchin.com

Conclusion:
The discovery of CVE-2024-22901 highlights a critical oversight in Vinchin Backup & Recovery's security posture. Users are advised to be cautious and to monitor for any updates or patches from Vinchin, which should be applied immediately to mitigate this risk.

Signed,Valentin Lobstein

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close