CVE-2021-31579
📋 TL;DR
Akkadian Provisioning Manager Engine ships with a hard-coded credential (akkadianuser:haakkadianpassword) that allows unauthorized access. This affects all systems running vulnerable versions of Akkadian's provisioning and appliance management software. Attackers can use these credentials to gain administrative control over affected systems.
💻 Affected Systems
- Akkadian Provisioning Manager Engine
- Akkadian OVA appliance
- Akkadian Appliance Manager
📦 What is this software?
OVA Appliance by Akkadianlabs
Provisioning Manager by Akkadianlabs
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to steal sensitive data, deploy ransomware, or pivot to other network resources.
Likely Case
Unauthorized administrative access leading to configuration changes, data exfiltration, or service disruption.
If Mitigated
Limited impact if systems are isolated, monitored, and access controls prevent credential use.
🎯 Exploit Status
Exploitation requires only knowledge of the hard-coded credentials and network access to the management interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Akkadian OVA appliance version 3.0+, Akkadian Provisioning Manager 5.0.2+, Akkadian Appliance Manager 3.3.0.314-4a349e0+
Vendor Advisory: https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/
Restart Required: Yes
Instructions:
1. Identify affected systems.
2. Download and install the patched version from Akkadian.
3. Restart the appliance/application.
4. Verify the fix by checking version and testing authentication.
🔧 Temporary Workarounds
Network isolation
Restrict network access to Akkadian management interfaces to trusted IPs only.
Credential rotation
Change the default akkadianuser password if the system allows credential modification.
🧯 If You Can't Patch
- Isolate affected systems from internet and untrusted networks using firewall rules.
- Implement strict network segmentation and monitor for authentication attempts using the hard-coded credentials.
🔍 How to Verify
Check if Vulnerable:
Attempt to authenticate to the Akkadian management interface using username 'akkadianuser' and password 'haakkadianpassword'.
Check Version:
Check via Akkadian web interface or appliance console for version information.
Verify Fix Applied:
Verify the installed version meets patched requirements and test that the hard-coded credentials no longer work.
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts followed by successful login with akkadianuser
- Unusual administrative actions from akkadianuser account
Network Indicators:
- Authentication requests to Akkadian management interfaces from unexpected sources
SIEM Query:
source="akkadian" AND (user="akkadianuser" OR (auth_failure AND password="haakkadianpassword"))
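The log and network indicators above can be combined into one check. This is an added example, not code from Akkadian or the advisory. The log line format, the `AUTH_OK`/`AUTH_FAIL` event names, the trusted subnet and the 5-minute window are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "timestamp event user=... src=..." format;
# real Akkadian log fields will differ and must be mapped before use.
SAMPLE_LOG = """\
2021-06-10T02:14:01Z AUTH_FAIL user=admin src=203.0.113.7
2021-06-10T02:14:09Z AUTH_FAIL user=root src=203.0.113.7
2021-06-10T02:14:20Z AUTH_OK user=akkadianuser src=203.0.113.7
2021-06-10T08:30:00Z AUTH_OK user=akkadianuser src=10.20.0.5
2021-06-10T09:00:00Z AUTH_OK user=operator src=10.20.0.9
"""

LINE_RE = re.compile(r"^(\S+) (AUTH_OK|AUTH_FAIL) user=(\S+) src=(\S+)$")
WATCHED_USER = "akkadianuser"  # account named in the advisory
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumed management subnet
WINDOW = timedelta(minutes=5)  # assumed correlation window

def parse(text):
    """Yield (timestamp, event, user, source_ip) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m.group(2), m.group(3), ipaddress.ip_address(m.group(4))

def detect(text):
    """Return one alert per successful login by the built-in account."""
    alerts, recent_fail = [], {}  # recent_fail: source IP -> failure times
    for ts, event, user, src in parse(text):
        if event == "AUTH_FAIL":
            recent_fail.setdefault(src, []).append(ts)
            continue
        if user != WATCHED_USER:
            continue
        reasons = ["login as built-in account"]
        if not any(src in net for net in TRUSTED_NETS):
            reasons.append("source outside trusted networks")
        if any(timedelta(0) <= ts - f <= WINDOW for f in recent_fail.get(src, [])):
            reasons.append("preceded by failed attempts from same source")
        alerts.append({"time": ts.isoformat(), "src": str(src), "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On a patched system, any successful login as this account is worth reviewing, so the first reason alone is a valid alert condition.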