The discovered vulnerabilities
Researchers found two critical vulnerabilities. One is effectively a backdoor into highly privileged functionality to manage the software. Although this backdoor was likely created to help the vendor’s support team log into systems to assist their clients, the password can be easily determined by attackers.
Even though the password fluidly changes, the research team at Risk Based Security was able to write a program that generates the correct password at any given time. Once access is obtained in this manner, an attacker can perform various actions including disclosing and manipulating data in the underlying database, or reset the super administrator’s password to then log in under that account with full privileges.