Skip to main content

A special username can bypass McAfee Security Manager

A kind word will open any door, but a special kind word will open all doors to an otherwise safe computer system, a McAfee advisory (opens in new tab) says.

The advisory said on Monday that “a specially crafted username” can get past the Security Information & Event Management logins without authentication, and without a password, “if the ESM is configured to use Active Directory or LDAP”.

What does that mean, exactly? It means a potential attacker can get access to NGCP (the default username created at first installation).

"A specially crafted username can bypass SIEM ESM authentication (password is not validated) if the ESM is configured to use Active Directory or LDAP authentication sources. This can result in the attacker gaining NGCP (master user) access to the ESM,” the advisory says.

Designated CVE-2015-8024, the bug covers “McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username 'NGCP|NGCP|NGCP;' and any password”, the advisory states.

There are, however, ways to protect yourselves. The best solution would be to update the software immediately, but in case you’re not able to do so – don’t worry. For now, disabling all Active Directory and LDAP authentication sources in the Enterprise Security Manager will suffice.

The update link for the software is in the advisory.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.