Enterprise management applications of all stripes are plagued by easy-to-exploit security holes, like buffer overflow flaws, bad cryptographic implementations and loose authentication, said Dave Goldsmith, president of Matasano Security, who spoke with colleague Thomas Ptacek on Tuesday.

The researchers declined to name specific companies whose products were vulnerable but said the kinds of systems that demonstrate the loose security are varied.

"Think of when your machine loads up in the corporate network. These are all those things that load in the system tray and keep you from getting work done in the morning. These are programs that are running on everyone's desktop," Goldsmith said.

Although they are used to help system administrators maintain control and consistency across enterprise systems, the management applications themselves are little different from malicious "bot" programs that are used to distribute spam and launch denial of service attacks on the Internet, Goldsmith added.

"These are agents that listen on a port and connect back to a system that other people are administering and that push out commands that tell the agents to do something. Architecturally, they're identical to bots," Goldsmith said.