CVE-2015-8024 Information

Description

McAfee Enterprise Security Manager (ESM) Enterprise Security Manager/Log Manager (ESMLM) and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19 9.4.x before 9.4.2MR9 and 9.5.x before 9.5.0MR8 when configured to use Active Directory or LDAP authentication sources allow remote attackers to bypass authentication by logging in with the username \NGCP|NGCP|NGCP;\ and any password.

Reference

http://www.quantumleap.it/mcafee-siem-esm-esmrec-and-esmlm-authentication-bypass-vulnerability/ http://www.securitytracker.com/id/1034288 https://kc.mcafee.com/corporate/index?page=content&id=SB10137