Short Name |
APP:SYMC:MESSAGING-SSH-PASSWORD |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Symantec Messaging Gateway Default SSH Password |
Release Date |
2013/09/17 |
Update Number |
2301 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Symantec Messaging Gateway. It is due to the use of hardcoded default credentials. It can result in privilege escalation. To exploit the vulnerability, an attacker must have access to the Symantec Messaging Gateway management interface.
Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session.