CyberSec.Space Logo
Back to CVE Browser

CVE-2017-15366

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile13.90th
PublishedOct 26, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.

Affected Platforms (CPE)

📦
Ndocsoftware

Ndoc

<= 7.4

References & Advisories

🔗 https://gist.github.com/emptythevoid/84248daccce8737f1cdd5b395cf6f32c
🔗 https://gist.github.com/emptythevoid/84248daccce8737f1cdd5b395cf6f32c

Related Vulnerabilities

CVE-2017-721310.0

Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops...

CVE-2017-879410.0

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https ...

CVE-2017-232010.0

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenti...

CVE-2017-766410.0

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.