CVE-2018-16791
First published: Wed Dec 05 2018(Updated: )
In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords for potentially privileged accounts. This also grants the attacker an ability to backdoor the server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SolarWinds SFTP/SCP Server | <=20180910 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-16791?
CVE-2018-16791 is classified as a high severity vulnerability due to its impact on sensitive user credentials and potential server backdoor access.
How do I fix CVE-2018-16791?
To fix CVE-2018-16791, ensure that the configuration file is not world readable or writable and implement secure password storage practices.
What are the risks associated with CVE-2018-16791?
The risks associated with CVE-2018-16791 include unauthorized access to sensitive accounts and the potential for an attacker to backdoor the SFTP/SCP server.
Which versions of SolarWinds SFTP/SCP Server are affected by CVE-2018-16791?
CVE-2018-16791 affects all versions of SolarWinds SFTP/SCP Server up to and including 2018-09-10.
Can CVE-2018-16791 lead to data breaches?
Yes, CVE-2018-16791 can lead to data breaches as it exposes user passwords and allows for server backdoor exploitation.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/solarwinds
- canonical/solarwinds sftp/scp server
- version/solarwinds sftp/scp server/20180910