2018-05-31 18:00:00
mitre
PUBLISHED
In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set of commands. One of the available commands allows changing any users password (including root). A low-privilege user could abuse this feature by changing the password of the kace_support account, which comes disabled by default but has full sudo privileges.