How to remediate – Visualware MyConnection Server Remote Agent Default Password

1. Introduction

Visualware MyConnection Server Remote Agent Default Password is a security issue where the remote agent connections to Visualware MyConnection Server are configured with default credentials. This allows an attacker on the network to gain access to sensitive information within the MCS application. Systems affected are those running Visualware MyConnection Server and utilising its remote agents. A successful exploit could compromise confidentiality, integrity, and availability of data managed by the server.

2. Technical Explanation

The vulnerability occurs because the default password for remote agent connections is not changed during installation or configuration of Visualware MyConnection Server (MCS). This allows a remote attacker with network access to authenticate as a privileged user without needing valid credentials. There is no known CVE associated with this specific issue, but it represents a common misconfiguration. An example attack involves an attacker using the default username and password to connect to the MCS server via its remote agent interface.

• Root cause: Use of hardcoded or easily guessable default credentials for remote agents.
• Exploit mechanism: An attacker attempts to authenticate to the MCS server using the default username and password combination. If successful, they gain access to the application’s functionality.
• Scope: Visualware MyConnection Server (MCS) versions are affected where the default agent password has not been changed.

3. Detection and Assessment

You can confirm if a system is vulnerable by checking the current configuration of remote agents. A quick check involves reviewing the MCS server settings for any use of default credentials. A thorough method would involve attempting to connect using known default usernames and passwords.

• Quick checks: Check the MCS administration interface under agent settings for password policies or existing agent configurations.
• Scanning: Nessus plugin ID 16483 may identify this issue, but results should be manually verified.
• Logs and evidence: Review MCS server logs for authentication attempts using default credentials. Event IDs will vary depending on the logging configuration.

# No specific command available - check MCS administration interface directly.

4. Solution / Remediation Steps

The solution is to change the default remote agent password immediately. Follow these steps for a secure fix.

4.1 Preparation

• Ensure you have documented the new password securely. A roll back plan involves restoring from the pre-change snapshot or reverting to the previous configuration file.
• A change window is recommended for this task and should be approved by the IT security team.

4.2 Implementation

1. Step 1: Log in to the Visualware MyConnection Server administration interface as an administrator.
2. Step 2: Navigate to the Agent Settings section.
3. Step 3: Locate the password configuration for remote agents.
4. Step 4: Change the default password to a strong, unique value.
5. Step 5: Save the changes and restart the Visualware MyConnection Server service if required.

4.3 Config or Code Example

Before

Remote Agent Password: defaultpassword

After

Remote Agent Password: StrongUniquePassword123!

4.4 Security Practices Relevant to This Vulnerability

List only practices that directly address this vulnerability type. Use neutral wording and examples instead of fixed advice. For example: least privilege, input validation, safe defaults, secure headers, patch cadence. If a practice does not apply, do not include it.

• Practice 1: Enforce strong password policies to prevent weak or default credentials.
• Practice 2: Implement regular security audits to identify and remediate misconfigurations like this one.

4.5 Automation (Optional)

# No automation script available due to MCS administration interface requirement.

5. Verification / Validation

• Post-fix check: Attempt to connect via remote agent interface using the *old* default username and password – authentication should fail.
• Re-test: Repeat the detection steps from Section 3, which should no longer identify the vulnerability.
• Smoke test: Verify that users can still access MCS functionality through the web interface or other supported methods.
• Monitoring: Monitor MCS server logs for failed authentication attempts using default credentials as an indicator of potential attacks.

# Attempt connection via remote agent with old password - expect "Authentication Failed" message.

6. Preventive Measures and Monitoring

Suggest only measures that are relevant to the vulnerability type. Use “for example” to keep advice conditional, not prescriptive.

• Baselines: Update your security baseline or hardening guide to include a requirement for changing default passwords on all new systems.
• Pipelines: Integrate configuration checks into your deployment pipelines to identify and prevent the use of default credentials.
• Asset and patch process: Include regular review of system configurations as part of your asset management and patching processes.

7. Risks, Side Effects, and Roll Back

• Risk or side effect 1: Incorrect password configuration could lock out legitimate users – ensure new password is documented securely.
• Risk or side effect 2: Service interruption if the MCS service requires a restart – plan during off-peak hours.
• Roll back: Restore from pre-change snapshot, or revert to previous agent settings within the MCS administration interface.

8. References and Resources

• Vendor advisory or bulletin: http://www.myconnectionserver.com