From eb954da04de9b6d42aef40c7ec2aab893e39b5d9 Mon Sep 17 00:00:00 2001 From: Pedro Ribeiro Date: Fri, 26 Jun 2020 11:26:47 +0700 Subject: [PATCH] Fix IBM DRM SSH docs --- documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md b/documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md index 20ac264edd..efb9970726 100644 --- a/documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md +++ b/documentation/modules/exploit/linux/ssh/ibm_drm_a3user.md @@ -2,7 +2,7 @@ This module abuses a known default password in IBM Data Risk Manager. The 'a3user' has the default password 'idrm' and allows an attacker to log in to the virtual appliance via SSH. This can be escalated to full root access, as 'a3user' has `sudo` access with the default password. -At the time of disclosure, this is a 0day. Versions <= 2.0.3 are confirmed to be affected, and the latest 2.0.6 is most likely affected too. +At the time of disclosure this was an 0day, but it was later confirmed and patched by IBM. Versions <= 2.0.6.1 are confirmed to be vulnerable. ### Vulnerability information For more information about the vulnerability, check the advisory at: