Threat Research

Remote Password Change Vulnerability in HPE Vertica Analytic Database

By Honggang Ren | April 20, 2017

Summary

On March 24 2017, I discovered and reported on a remote password change vulnerability in Hewlett-Packard Enterprise’s (HPE) Vertica Analytic Database. This week, HPE released Security Bulletin HPESBGN03734, which contains the fix for this vulnerability and identifies it as CVE-2017-5802.

Fueled by ever-growing volumes of Big Data found in many corporations and government agencies, HPE's Vertica Analytics Platform provides an SQL analytics solution built from the ground up to handle massive volumes of data and delivers blazingly fast Big Data analytics. At the core of the Vertica Analytics Platform is a column-oriented, relational database named Vertica Analytic Database.

This discovered vulnerability could lead to remote password change of the administrator account, and it has been rated as Critical by HPE. The vulnerability affects HPE Vertica Analytic Database 8.1.0 and prior versions.

In this blog, I want to share the details of this vulnerability.

How to Reproduce

To reproduce the vulnerability, you can follow the steps below.

  1. Deploy Vertica Analytic Database (vertica-8.0.1-0_ova) in VMWare ESX, then run “/opt/vertica/bin/adminTools” and use the 'configure' menu to create a new database, such as 'test11', with the password 'test11'. Refer to the screenshots in Figure 1-5 below.

Figure 1. Create a database

Figure 2. Set IP address for the database

Figure 3. Set the path of the database