CVE-2016-4401 – Unauthenticated Database Credential Leak In Aruba ClearPass

It is possible for an unauthenticated user with network access to a ClearPass server to expose database credentials.  
This vulnerability leads to complete system compromise.

Severity: CRITICAL
CVSSv3 Overall Score: 9.8

Discovery: This vulnerability was discovered by [email protected] and reported through the BugCrowd managed bug bounty.

Fix: Fixed in 6.5.7 and 6.6.2

Bounty: $1,500
