Agiloft Local Privilege Escalation via Default Credentials

Vulnerability

Agiloft Release 28 contains a local privilege escalation vulnerability arising from default and backdoor credentials. Improper configuration during an on-premise installation can leave user accounts created with default credentials; if those credentials are never changed, anyone who knows or recovers them can authenticate as those accounts and obtain their privileges. The password hash for at least one of these accounts is publicly known, so its credential can be recovered by cracking the hash offline, with no interaction with the target instance and therefore no failed-login traces. This issue has been resolved in Agiloft Release 30.
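The two attacker options described above, matching a stored hash against a published hash value and recovering a default password by hashing candidates offline, are also the two checks an operator can run against their own user table before and after upgrading. The following is an added example, not Agiloft's code: it audits a constructed user table for accounts whose hash is on a known-bad list or whose password is in a candidate list of defaults. The page does not describe Agiloft's real hashing scheme, so the unsalted-plus-salt SHA-256 used here is an assumption for the sample data only; replace hash_password() with the scheme actually in use before running it against a real export.

```python
"""Offline audit for accounts still protected by default credentials.

Added example, not Agiloft code. The hash scheme, user names, salts,
candidate passwords and "known bad" hash are all constructed for the
demonstration; swap hash_password() for the real scheme in practice.
"""
import hashlib
import hmac
from typing import Callable, Dict, Iterable, List, Set, Tuple

# (username, salt, stored_hash) rows, as an operator might export them.
UserRow = Tuple[str, str, str]
HashFn = Callable[[str, str], str]


def hash_password(password: str, salt: str) -> str:
    """Assumed scheme for the sample data: SHA-256 over salt || password."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


# Candidate default passwords an installer might leave in place (constructed
# list; the page names no specific credential).
DEFAULT_CANDIDATES: List[str] = ["admin", "password", "changeme", "setup", "123456"]


def build_sample_users() -> List[UserRow]:
    """Constructed user table: two accounts left with defaults, one unique."""
    seed = [
        ("admin", "s1", "admin"),
        ("installer", "s2", "changeme"),
        ("alice", "s3", "correct-horse-battery-staple-7!"),
    ]
    return [(user, salt, hash_password(pw, salt)) for user, salt, pw in seed]


def known_bad_hashes() -> Set[str]:
    """Hashes already public for a default account (constructed here)."""
    return {hash_password("changeme", "s2")}


def find_known_hash_matches(rows: Iterable[UserRow], bad: Set[str]) -> List[str]:
    """Accounts whose stored hash equals a published hash: no cracking needed."""
    return [user for user, _salt, stored in rows if stored in bad]


def crack_defaults(rows: Iterable[UserRow],
                   candidates: Iterable[str],
                   hash_fn: HashFn = hash_password) -> Dict[str, str]:
    """Re-hash each candidate with the account's salt and compare offline.

    Returns {username: recovered_password} for every account whose password
    is one of the candidates. compare_digest avoids a timing side channel
    if this is ever wired into an online check.
    """
    cands = list(candidates)
    hits: Dict[str, str] = {}
    for user, salt, stored in rows:
        for cand in cands:
            if hmac.compare_digest(hash_fn(cand, salt), stored):
                hits[user] = cand
                break
    return hits


def audit(rows: Iterable[UserRow]) -> Dict[str, List[str]]:
    """Combine both checks into a report an operator can act on."""
    rows = list(rows)
    return {
        "published_hash": find_known_hash_matches(rows, known_bad_hashes()),
        "default_password": sorted(crack_defaults(rows, DEFAULT_CANDIDATES)),
    }


if __name__ == "__main__":
    for category, users in audit(build_sample_users()).items():
        print(f"{category}: {', '.join(users) or 'none'}")
```

Run it against an export of the real user table and treat every account it reports as compromised until its password has been rotated or the account disabled; an empty report for the default-password check only means none of the listed candidates matched, so extend the candidate list with whatever defaults the installer documentation mentions.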

Impact

An attacker who authenticates with one of the unchanged default or backdoor accounts obtains that account's rights, which may exceed the attacker's own within the application or the underlying system, resulting in unauthorized privilege escalation.

Remediation

Users are advised to upgrade to Agiloft Release 30 or later. Until the upgrade is applied, audit on-premise installations for accounts created with default credentials and change their passwords or disable them; after upgrading, verify that no such account still accepts a default password. For guidance on secure installation and password management, refer to the Agiloft documentation.

Added: Aug 26, 2025, 11:18 PM
Updated: Aug 26, 2025, 11:18 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          5.0
exploitability  4.7
remediation     7.7
relevance       0.4
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.