Loadbalancer.org Enterprise VA 7.5.2 Static SSH Key

Published: 2014-03-18 10:16:16

CVSS Base Vector:

Detection Type:
Remote Vulnerability

A remote attacker can exploit this issue to gain unauthorized root access to affected devices. Successfully exploiting this issue allows attackers to completely compromise the devices.

Detection Method:
Try to log in as root using the known static private key.

Technical Details:
Loadbalancer.org Enterprise VA versions 7.5.2 and below ship with a static public and private SSH key pair installed on the appliance. When the keys are regenerated, the appliance fails to remove the static public key from the authorized_keys2 file, so anyone holding the default private key can still use it for access.
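An audit for the leftover-key condition described above, as an added example that is not part of the original advisory or of the vendor's code: it fingerprints every entry in an authorized_keys2 file and reports any key that is not one of the regenerated public keys. The function names, file contents and key blobs are constructed placeholders; the real static key's fingerprint is not given on this page, so the check compares against the approved keys instead.

```python
import base64
import binascii
import hashlib

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(text):
    """Return (line_no, fingerprint, comment) for every key line in the file."""
    entries = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Login options may precede the key type, so find the type field first.
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPES)), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            fp = fingerprint(fields[idx + 1])
        except (binascii.Error, ValueError):
            continue  # not a well-formed key blob; review such lines by hand
        entries.append((line_no, fp, " ".join(fields[idx + 2:])))
    return entries

def unexpected_keys(authorized_text, approved_pub_text):
    """Entries in authorized_text whose key is not among the approved public keys."""
    approved = {fp for _, fp, _ in parse_keys(approved_pub_text)}
    return [e for e in parse_keys(authorized_text) if e[1] not in approved]

# Constructed sample data: placeholder blobs, not real keys.
OLD = base64.b64encode(b"constructed-static-default-key").decode()
NEW = base64.b64encode(b"constructed-regenerated-key").decode()
REGENERATED_PUB = f"ssh-rsa {NEW} root@lb-new\n"
AUTHORIZED_KEYS2 = (
    "# root authorized_keys2 after regeneration\n"
    f"ssh-rsa {OLD} root@lb-default\n"
    f'from="10.0.0.0/8" ssh-rsa {NEW} root@lb-new\n'
)

if __name__ == "__main__":
    for line_no, fp, comment in unexpected_keys(AUTHORIZED_KEYS2, REGENERATED_PUB):
        print(f"line {line_no}: unexpected key {fp} ({comment})")
```

Any entry it reports after a key regeneration is a key that still grants login and should be removed or explained.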

Upgrade to version 7.5.3 or newer.

Solution Type:
Vendor Patch

Loadbalancer.org Enterprise VA 7.5.2 contains a default SSH private key

Affected Versions:
Loadbalancer.org Enterprise VA versions 7.5.2 and below



CVSS Score
