'Specially crafted username' opens the keys to the kingdom of FAIL
McAfee's Enterprise Security Manager (ESM) needs patching, as smartly as you can manage, due to an administrator-level authentication bypass. The advisory here says “a specially crafted username” can get past the Security Information & Event Management logins without authentication, and without a password, “if the ESM is configured to use Active Directory or LDAP”. That gives the attacker access to NGCP – the default username created at first installation – without checking the p...