Twenty Year Anniversary

ONCommandCCM.txt

ONCommandCCM.txt
Posted Sep 21, 2004
Authored by Jonas Olsson

Four default username/password pairs are present in the Sybase database backend used by ON Command CCM 5.x servers. One of the username/password pairs is publicly available in a knowledgebase article at ON Technology's web site. The database accounts can be used to read and modify all data in the CCM database.

tags | advisory, web
MD5 | 2a6a6d4d0287b4220327ede2bd75381e

ONCommandCCM.txt

Change Mirror Download

Security advisory
=================
Advisory name: Default username/password pairs in ON Command CCM 5.x
database backend
Release date: 2004-09-20
Application: ON Command CCM 5.x
Platform: Linux, Solaris, Windows
Severity: An intruder can gain access to all administrator
passwords and other sensitive data for managed systems
Author: Jonas Olsson <jonas@takeit.se>


Summary
-------
Four default username/password pairs are present in the Sybase
database backend used by ON Command CCM 5.x servers. One of the
username/password pairs is publicly available in a knowledgebase
article at ON Technology's web site.

The database accounts can be used to read and modify all data in the
CCM database. The database contains among other things usernames and
passwords for administrative accounts for all managed workstations and
servers. In a default CCM installation the Sybase database server is
reachable from the network on the standard Sybase database port.

Two of the database account passwords are extremely easy to guess.


Vendor information
------------------
Symantec recently bought ON Technology which produces ON Command CCM.

Homepage: http://www.symantec.com/
Vendor informed on: 2004-08-11
Vendor response: Fix available in next release of CCM (version 6.0)
which will be available sometime in 2005.
Advisory mailed: 2004-09-20


Affected products
-----------------
* ON Command CCM version 5.x

We have not been able to verify the problem on earlier versions of ON
Command CCM since we have not had access to the software.


Background
----------
ON Command CCM is a solution for central management of Windows
workstations and servers. It handles unattended OS and software
installation on managed computers. All configuration information for
managed workstations, including passwords for local administrators,
domain administrator passwords if the workstation is joined to a
domain and license keys are stored in the CCM database.

The CCM server software is available for several OSes, including
Solaris, Linux and Windows.


Vulnerability impact
--------------------
Using any of the default database accounts an attacker can easily
retrieve all passwords in clear-text for all systems managed by
CCM. Since this includes the domain administrator password if CCM
handles joining managed systems to a domain (which is usually the
case) this can lead to compromise on both servers and workstations.

Any other sensitive data, such as license keys, is also available from
the CCM database.


Workarounds
-----------
* The passwords can be changed for three of the users. The fourth
user's credentials are used by the CCM server daemons and are
hard-coded in the binaries.

* The Sybase database port can be firewalled locally on the CCM
server, denying access to network requests. Local requests can't be
blocked however.


Contact
-------
AB TakeIT
http://www.takeit.se/
Jonas Olsson <jonas@takeit.se>

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    4 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close