{"vuid":"VU#544527","idnumber":"544527","name":"OpenELEC and RasPlex have a hard-coded SSH root password","keywords":["ssh","hard-coded"],"overview":"OpenELEC and derivatives utilize a hard-coded default root password, and enable SSH root access by default.","clean_desc":"CWE-259: Use of Hard-coded Password OpenELEC has a hard-coded root password. The root partition is by default read-only, preventing a user from changing the password once installed; furthermore, SSH access is enabled by default. RasPlex is based on OpenELEC and therefore inherits this same problem. According to RasPlex, \"The root filesystem is read only (squashfs). This prevents the ability to change the root password, but also prevents an attacker from modifying the filesystem.\"","impact":"A remote attacker may gain root access to the device.","resolution":"The CERT/CC is currently unaware of a full solution to this issue. Affected users may consider the following mitigations: Disable SSH password access Disable the use of password access to SSH, and enable SSH keys instead. RasPlex notes that \"users can simply disable SSH via the dialog if they are worried about being compromised.\" Build with a different password Developers may build their own distribution of OpenELEC or RasPlex from source and modify the root password at build time. Users should be aware however that this password is still hard-coded and may leave a user vulnerable to further attack; future password changes would require another rebuild and deployment. \nRestrict network access Use a firewall or similar technology to restrict access to trusted hosts, networks, and services.","workarounds":"","sysaffected":"","thanks":"Thanks to Aidan Samuel for reporting this vulnerability.","author":"This document was written by Garret Wassermann.","public":["http://wiki.openelec.tv/index.php?title=OpenELEC_FAQ#SSH_Password_change","http://wiki.openelec.tv/index.php?title=Config_connect_ssh_wo_password","http://wiki.openelec.tv/index.php?title=Compile_from_source","https://github.com/RasPlex/RasPlex/issues/453"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-12-28T15:26:38Z","publicdate":"2016-02-02T00:00:00Z","datefirstpublished":"2016-02-02T16:20:37Z","dateupdated":"2016-02-02T16:20:37Z","revision":25,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UR","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"8.5","cvss_environmentalscore":"2.1363232464","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}