iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients.
iMonitor EAM 9.6394 software contains built-in default administrative credentials that are simultaneously displayed to the user in the connection dialog window of the management client. An attacker, without any prior knowledge, can read these credentials directly from the application interface and then authenticate remotely to the EAM server over the network. After gaining access, the attacker obtains administrative privileges without requiring user interaction or meeting additional conditions.
An attacker gains full control over the EAM server and all connected agents, enabling the reading of highly sensitive telemetry data (including keylogger data) and issuing arbitrary commands to all connected clients.
Default administrative credentials must be immediately changed to a strong, unique password. Patches available from the vendor should be applied according to references. Additionally, it is recommended to restrict network access to the EAM server to trusted IP addresses only and to regularly review authentication logs.
iMonitor EAM version 9.6394 — affects installations where default administrative credentials have not been changed after deployment
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H