module

IBM Data Risk Manager a3user Default Password

Disclosed	Created
Apr 21, 2020	May 5, 2020

Disclosed

Apr 21, 2020

Created

May 5, 2020

Description

This module abuses a known default password in IBM Data Risk Manager. The 'a3user'
has the default password 'idrm' and allows an attacker to log in to the virtual appliance
via SSH. This can be escalate to full root access, as 'a3user' has sudo access with the default password.
At the time of disclosure this was an 0day, but it was later confirmed and patched by IBM.
Versions

Author

Pedro Ribeiro [email protected]

Platform

Unix

Architectures

cmd

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/linux/ssh/ibm_drm_a3user
    msf exploit(ibm_drm_a3user) > show targets
        ...targets...
    msf exploit(ibm_drm_a3user) > set TARGET < target-id >
    msf exploit(ibm_drm_a3user) > show options
        ...show and set options...
    msf exploit(ibm_drm_a3user) > exploit

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report