Posted by Brandon Perry on Dec 11

BMC TrackIt! 11.3 Unauthenticated Local User Password Change
Trial available here: http://www.trackit.com

A Metasploit pull request has been made here:
https://github.com/rapid7/metasploit-framework/pull/4359

BMC TrackIt! 11.3 when installed with TrackItWeb! allows an unauthenticated
user to change any local user’s password, such as Administrator. If the
ability to log in remotely via SMB is enabled on the server, this can yield
an…