PatchSiren

CVE-2016-6602 Zohocorp CVE debrief

CVE-2016-6602 affects ZOHO WebNMS Framework 5.2 and 5.2 SP1. The issue is a weak password obfuscation design that can let a context-dependent attacker recover cleartext credentials from WEB-INF/conf/securitydbData.xml. NVD rates the issue critical and maps it to CWE-327; it also notes the flaw can be combined with CVE-2016-6601 for remote exploitation.

Vendor: Zohocorp
Product: CVE-2016-6602
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-23
Original CVE updated: 2026-05-13
Advisory published: 2017-01-23
Advisory updated: 2026-05-13

Who should care

Administrators and security teams responsible for ZOHO WebNMS Framework 5.2 or 5.2 SP1, especially anyone managing server file permissions, stored credentials, and exposed WebNMS deployments.

Technical summary

NVD describes a weak obfuscation algorithm used to store passwords in WebNMS Framework 5.2 and 5.2 SP1. If an attacker can access WEB-INF/conf/securitydbData.xml, stored passwords may be recovered in cleartext. The official record lists CWE-327 and a CVSS v3.0 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. NVD also states this issue may be combined with CVE-2016-6601 for a remote exploit path.

Defensive priority

Critical. Credential exposure can lead to immediate account compromise and lateral movement, and NVD indicates the issue may be chained with another flaw for remote exploitation.

Recommended defensive actions

  • Restrict access to WEB-INF/conf/securitydbData.xml and the broader WEB-INF/conf directory at the filesystem and application layers.
  • Review all WebNMS Framework deployments and confirm whether any instance is running version 5.2 or 5.2 SP1.
  • Rotate any credentials that may have been stored in or exposed by affected installations.
  • Follow vendor guidance referenced by the WebNMS forum notice and monitor official advisories for remediation instructions.
  • Check logs and access controls for unauthorized reads of configuration files or abnormal use of recovered credentials.
  • If CVE-2016-6601 is present in the same environment, remediate it as well because NVD notes the two issues can be combined.
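
One way to carry out the log check from the list above, as an added example that is not part of the NVD record or of any vendor tooling. It assumes the web tier writes Apache/Tomcat-style access logs; the sample lines, IP addresses and the /example/fetch URL are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: Apache/Tomcat "common" or "combined" access-log layout.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)
# Paths named in the advisory, lower-cased for case-insensitive matching.
MARKERS = ("web-inf/conf", "securitydbdata.xml")

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly (bounded) so encoded slashes still match."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/").lower()

def find_config_reads(lines):
    """Return one record per request that references the protected paths."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed layout
        if any(marker in normalize(m["target"]) for marker in MARKERS):
            status = int(m["status"])
            hits.append({
                "ip": m["ip"], "time": m["ts"], "target": m["target"],
                "status": status,
                # 2xx means the server returned content: treat the stored
                # credentials as exposed and rotate them.
                "served": 200 <= status < 300,
            })
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical URLs).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2017:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.44 - - [12/Mar/2017:10:05:19 +0000] "GET /WEB-INF/conf/securitydbData.xml HTTP/1.1" 404 512',
    '198.51.100.23 - - [12/Mar/2017:10:07:41 +0000] "GET /example/fetch?name=WEB-INF%2Fconf%2FsecuritydbData.xml HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for hit in find_config_reads(SAMPLE):
        verdict = "SERVED, rotate credentials" if hit["served"] else "denied"
        print(hit["time"], hit["ip"], hit["status"], verdict, hit["target"])
```

A hit with a 2xx status is the case that triggers the credential rotation step above; denied requests are still worth correlating by source address.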

Evidence notes

The NVD description states that WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords and that access to WEB-INF/conf/securitydbData.xml can expose cleartext passwords. The official NVD record lists the affected CPEs for WebNMS Framework 5.2 and 5.2 SP1, classifies the weakness as CWE-327, and assigns a critical CVSS v3.0 vector. The NVD reference list includes a vendor forum notice plus third-party technical references; this debrief relies on the official description and metadata, not on exploit material.

Official resources

The CVE/NVD entry was published on 2017-01-23 and later modified on 2026-05-13. The reference list includes public 2016 advisories and technical discussions, indicating the issue was publicly discussed before CVE publication.