A specially crafted username can bypass SIEM ESM authentication (password is not validated) if the ESM is configured to use Active Directory or LDAP authentication sources. This can result in the attacker gaining NGCP (master user) access to the. ESM. This update resolves an issue where the login username is. mishandled. This article is more than 6 years old. This article has been published by McAfee Intel Security: The Register. The Register.com is happy to feature an exclusive article by Graham Cluley on Twitter.”]
Source: https://grahamcluley.com/login-admin-mcafee-enterprise-security-manager-password-required/

