### Synopsis
Tenable has discovered that default credentials for PostgreSQL are used in Cisco Energy Management.
#### Default PostgreSQL Credentials
Default credentials are used by Cisco Energy Management to access a local PostgreSQL database. This database stores application data, including user password hashes. By default, an attacker must have local access to the host operating system to exploit this vulnerability; however, this depends on the configuration of PostgreSQL.
The default credentials for the PostgreSQL database are:
```
Username: postgres
Password: Pemadmin123!
```
The codebase checks for the hard-coded password in several places. Additionally, the password is stored in `jemprocessor.conf` as ciphertext; however, this password may be decrypted using the application secret key.
As stated above, by default, an attacker must have local access to exploit this issue. This is due to the configuration of the PostgreSQL server. If a system administrator were to modify the configuration to allow external network connections, a remote access vector would be created.
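Whether a given host has that remote vector can be checked from `listen_addresses` in postgresql.conf together with the TCP records in pg_hba.conf. The Python check below is an added example, not part of the advisory or of Cisco's code; the sample configurations are constructed, and it over-reports because it ignores pg_hba.conf's first-match ordering and quoted or `+role` user entries.

```python
import ipaddress
import re
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def is_loopback(addr):
    """True for loopback addresses/networks and the local-only keywords."""
    if addr in ("localhost", "samehost"):
        return True
    try:
        return ipaddress.ip_network(addr, strict=False).is_loopback
    except ValueError:
        return False  # '*', 'all', 'samenet' or a hostname: assume remote

def listen_addresses(conf_text):
    """Effective listen_addresses; PostgreSQL defaults to 'localhost'."""
    value = "localhost"
    for line in conf_text.splitlines():
        m = re.match(r"\s*listen_addresses\s*=?\s*'([^']*)'", line)
        if m:
            value = m.group(1)  # the last uncommented setting wins
    return [a.strip() for a in value.split(",") if a.strip()]

def remote_hba_rules(hba_text, user="postgres"):
    """pg_hba.conf TCP records that admit `user` from a non-loopback source."""
    hits = []
    for raw in hba_text.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) < 5 or f[0] not in HOST_TYPES:
            continue  # blank line, comment, or 'local' (Unix socket) record
        address, method = f[3], f[4]
        if ("." in method or ":" in method) and len(f) > 5:
            address, method = f"{address}/{method}", f[5]  # IP + netmask form
        users = f[2].split(",")
        if method != "reject" and not is_loopback(address) and (user in users or "all" in users):
            hits.append(" ".join(f))
    return hits

def audit(conf_text, hba_text):
    """Return (remotely_reachable, pg_hba.conf rules that admit remote logins)."""
    listens = [a for a in listen_addresses(conf_text) if not is_loopback(a)]
    rules = remote_hba_rules(hba_text)
    return (bool(listens and rules), rules)

# Constructed sample configs (not taken from a Cisco Energy Management host).
DEFAULT_CONF = "#listen_addresses = 'localhost'\nport = 5432\n"
DEFAULT_HBA = "local all all peer\nhost all all 127.0.0.1/32 md5\nhost all all ::1/128 md5\n"
OPENED_CONF = "listen_addresses = '*'   # changed by an administrator\n"
OPENED_HBA = DEFAULT_HBA + "host all all 0.0.0.0/0 md5\n"
print(audit(DEFAULT_CONF, DEFAULT_HBA), audit(OPENED_CONF, OPENED_HBA))
```

A host is flagged as remotely reachable only when both files allow it: a non-loopback listener and at least one TCP rule admitting `postgres` from a non-loopback source.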