CVE-2019-6499

Vulnerability

Teradata Viewpoint versions prior to 14.0 and version 16.20.00.02-b80 contain a hardcoded password for the viewpoint database account. The credentials (viewpoint and TDv1i2e3w4) are stored in plaintext in the file viewpoint-portal/conf/server.xml as the JDBC resource jdbc/dcs [1][2].

Exploitation

An attacker with local or remote network access to the database server, or who can read the configuration file, can use the known hardcoded credentials to connect to the PostgreSQL database. No further authentication or user interaction is required beyond network reachability to port 5432 [1][2].

Impact

Successful exploitation grants the attacker unauthorized access to the Teradata Viewpoint database (dcsdb) with the privileges of the viewpoint database user. This could lead to data disclosure, modification, or deletion, and may serve as a stepping stone for further compromise of the Viewpoint application [1][2].

Mitigation

Teradata recommends restricting network access to the database as a workaround; only allow connections from trusted hosts and networks [1][2]. A patched version should be obtained from the vendor; the exact fixed release is not specified in the available references, but 14.0 and later are not affected by the hardcoded password issue for versions prior to 14.0. For version 16.20.00.02-b80, a separate fix may be required [1][2].