← back
CVE-2018-5551

DocuTrac DTISQLInstaller.exe Hard-Coded Credentials

CVSS 9 CRITICALEPSS 1.7%CWE-798
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9EPSS 1.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Mar 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
DocuTrac · DTISQLInstaller.exe

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.rapid7.com/2018/03/14/r7-2018-01-cve-2018-5551-cve-2018-5552-docutrac-office-therapy-installer-hard-coded-credentials-and-cryptographic-salt/