Shared Secret Key Vulnerability in McAfee ePolicy Orchestrator (ePO)

Shared Secret Key Vulnerability in McAfee ePolicy Orchestrator (ePO)

CVE-2015-0922 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.

Learn more about our Web Application Penetration Testing UK.