IBM Data Risk Manager 2.0.3 Default Password
Posted by deepcore on May 6, 2020 – 7:43 pm
This Metasploit module abuses a known default password in IBM Data Risk Manager. The a3user has the default password idrm and allows an attacker to log in to the virtual appliance via SSH. This can be escalate to full root access, as a3user has sudo access with the default password. At the time of disclosure, this is a 0day. Versions 2.0.3 and below are confirmed to be affected, and the latest 2.0.6 is most likely affected too.
Post a reply
You must be logged in to post a comment.