Teradata Viewpoint Hardcoded Password Vulnerability
- CVE ID: CVE-2019-6499
- CWE ID: CWE-259
Affected products:
Teradata Viewpoint versions prior to 14.0. The same user account was also found to be valid on Teradata Viewpoint 16.20.00.02-b80.
Summary:
Teradata Viewpoint contains a database account with a hardcoded password that could potentially be exploited by malicious users to compromise the affected system.
Details:
Teradata Viewpoint contains a hardcoded password for a database account. The affected database account is “viewpoint”.
viewpoint.db.username=viewpoint
viewpoint.db.password=TDv1i2e3w4
An attacker with local or remote access to the database and knowledge of the password may potentially gain unauthorized access to the database.
Affected file: C:\tdpdk-xx.xx.xx.xx\viewpoint-portal\conf\server.xml
From the vendor website:
Solution:
Restrict network access
As a general security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from using the hard-coded database credentials from a blocked network location.
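A configuration audit for the hardcoded account described under Details, added here as an example (it is not vendor or advisory code). It assumes the settings appear as `key=value` pairs as shown above; the file suffixes scanned and the function names are choices made for this example.

```python
import re
from pathlib import Path

# Values published in this advisory (CVE-2019-6499).
DEFAULT_USER = "viewpoint"
DEFAULT_PASSWORD = "TDv1i2e3w4"

# Assumption: settings appear as key=value pairs, as shown in the advisory,
# optionally quoted and possibly several on one line.
SETTING_RE = re.compile(r'viewpoint\.db\.(username|password)\s*=\s*"?([^\s"<>]+)')

def audit_text(text):
    """Return the viewpoint.db.* settings found and whether they match the defaults."""
    found = {}
    for key, value in SETTING_RE.findall(text):
        found[key] = value  # a later occurrence overrides an earlier one
    default_password = found.get("password") == DEFAULT_PASSWORD
    return {
        "username": found.get("username"),
        "password_set": "password" in found,
        "default_password": default_password,
        "default_account": default_password and found.get("username") == DEFAULT_USER,
    }

def audit_tree(root, suffixes=(".xml", ".properties", ".conf")):
    """Scan config files under root; return paths that still carry the default password."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if audit_text(text)["default_password"]:
                hits.append(str(path))
    return sorted(hits)

# Constructed sample inputs (not taken from a real installation).
SAMPLE_VULNERABLE = "viewpoint.db.username=viewpoint viewpoint.db.password=TDv1i2e3w4"
SAMPLE_ROTATED = "viewpoint.db.username=viewpoint\nviewpoint.db.password=constructed-rotated-value\n"

if __name__ == "__main__":
    import sys
    for hit in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("default viewpoint DB password present:", hit)
```

A clean result only shows that the configuration no longer references the default password; whether the database account itself still accepts it has to be verified on the database.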
References:
Installing the Viewpoint Development Portal 13.0.1
- http://downloads.teradata.com/viewpoint/reference/getting-started-with-viewpoint-pdk/installing-the-viewpoint-development-portal-1
Installing the Viewpoint Development Portal 13.0.1
- https://community.teradata.com/t5/Viewpoint/Installing-the-Viewpoint-Development-Portal-13-0-1/m-p/16434
CWE-259: Use of Hard-coded Password
- https://cwe.mitre.org/data/definitions/259.html
Shodan:
https://www.shodan.io/search?query=Teradata+Viewpoint