Netwrix Directory Manager Hard-Coded Password Vulnerability

Vulnerability

A hard-coded password vulnerability has been identified in Netwrix Directory Manager (formerly Imanami GroupID) in versions through 10.0.7784.0. This vulnerability allows authentication as an administrator to the Windows server hosting Netwrix Directory Manager or to the application itself. Although the hard-coded password was removed in version 9, it remains in the installer and can be used by customers who upgraded from earlier versions.

Impact

Exploitation of this vulnerability could lead to unauthorized administrative access on the Windows server where Netwrix Directory Manager is installed, as well as to the application itself. This access could potentially be used to compromise any integrated Identity Stores.

Remediation

Netwrix advises customers to update to the latest release of version 10 if they are using a version earlier than 10.0.7784.0. For those running version 10.0.7784.0 or earlier, it is recommended to check the Microsoft Internet Information Services (IIS) Application Pools for the 'GroupIDSSUser' as the Application Pool Identity. If this user is being used, customers should create a new service account, update the Application Pool Identity, and then delete the 'GroupIDSSUser' account. Netwrix has published a utility to assist with this assessment and remediation.
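A read-only way to run the check described above, as an added example (it is not the Netwrix utility and not code from the advisory). It lists every IIS Application Pool with its identity, flags pools that run as 'GroupIDSSUser', and, assuming the account is a local account on the server, reports whether it still exists and whether it is in the local Administrators group; the helper name `Test-IsTargetAccount` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit, changes nothing on the server.
Import-Module WebAdministration -ErrorAction Stop

$AccountName = 'GroupIDSSUser'   # account name taken from the advisory

function Test-IsTargetAccount {
    param([string]$Name, [string]$Target)
    # Accepts 'User', '.\User', 'HOST\User' and 'User@domain' forms.
    if ([string]::IsNullOrWhiteSpace($Name)) { return $false }
    $leaf = ($Name -split '\\')[-1]
    $leaf = ($leaf -split '@')[0]
    return ($leaf -ieq $Target)
}

# 1. Application Pools and the identity each one runs as.
$pools = Get-ChildItem IIS:\AppPools | ForEach-Object {
    $pm = $_.processModel
    [pscustomobject]@{
        AppPool      = $_.Name
        IdentityType = [string]$pm.identityType
        UserName     = $pm.userName
        Affected     = ([string]$pm.identityType -eq 'SpecificUser') -and
                       (Test-IsTargetAccount $pm.userName $AccountName)
    }
}
$pools | Format-Table -AutoSize

# 2. Sites bound to an affected pool, so the scope of the identity change is known.
$affected = @($pools | Where-Object Affected)
foreach ($p in $affected) {
    Get-Website | Where-Object applicationPool -eq $p.AppPool |
        Select-Object @{n='AppPool';e={$p.AppPool}}, Name, State
}

# 3. Assumption: the account is local to this server. It can remain after the pools are updated.
$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
if ($user) {
    # S-1-5-32-544 is the built-in Administrators group (name is localized, SID is not).
    $isAdmin = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
        Where-Object { Test-IsTargetAccount $_.Name $AccountName })
    $user | Select-Object Name, Enabled, PasswordLastSet, LastLogon,
        @{n='LocalAdmin';e={$isAdmin}}
}

"{0} pool(s) use '{1}'; local account present: {2}" -f $affected.Count, $AccountName, [bool]$user
```

A pool count of zero with the local account still present means the account is unused by IIS but has not yet been deleted, which is the last step of the remediation above.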

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 0.1
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.