Centreon 19.10.5 Credential Disclosure

2020.01.29
Credit: Fabien Aunay
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure
# Date: 2020-01-27
# Exploit Author: Fabien AUNAY, Omri Baso
# Vendor Homepage: https://www.centreon.com/
# Software Link: https://github.com/centreon/centreon
# Version: 19.10.5
# Tested on: CentOS 7
# CVE : -

###########################################################################################################
Centreon 19.10.5 Database Credentials Disclosure

Trusted by SMBs and Fortune 500 companies worldwide.
An industry reference in IT Infrastructure monitoring for the enterprise.
Counts 200,000+ ITOM users worldwide and an international community of software collaborators.
Presence in Toronto and Luxembourg.
Deployed in diverse sectors:
- IT & telecommunication
- Transportation
- Government
- Health care
- Retail
- Utilities
- Finance & Insurance
- Aerospace & Defense
- Manufacturing
- etc.

###########################################################################################################
POC:

- Configuration / Pollers / Broker configuration
-- Central-broker | Central-broker-master
--- Output

It is possible to discover the unencrypted password with the inspector.

DB user      centreon
DB password  ********

<input size="120" name="output[0][db_password]" type="password" value="ZVy892xx">
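
The PoC above comes down to a password input that the server renders with the stored secret already in its value attribute. The following is an added example, not code from the advisory or from Centreon: a check that flags such fields in rendered HTML, plus a hypothetical server-side helper (merge_submitted_secret) showing the usual fix of rendering the field empty and keeping the stored value when nothing is submitted. The sample forms and the secret in them are constructed.

```python
from html.parser import HTMLParser


class PrefilledSecretFinder(HTMLParser):
    """Collects password inputs whose value attribute is not empty."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # HTMLParser lowercases attribute names; a bare attribute has value None.
        a = {name: (value or "") for name, value in attrs}
        if a.get("type", "").lower() == "password" and a.get("value", "").strip():
            # Report the field name and secret length only, never the secret.
            self.findings.append((a.get("name", "<unnamed>"), len(a["value"])))


def find_prefilled_password_fields(html):
    """Return [(field_name, value_length)] for every pre-filled password input."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def merge_submitted_secret(stored, submitted):
    """Hypothetical save handler: the form is rendered with an empty field,
    so an empty submission means 'keep the stored password'."""
    return submitted if submitted else stored


# Constructed sample markup modelled on the field shown in the PoC.
VULNERABLE_FORM = (
    '<form><input name="output[0][db_user]" type="text" value="centreon">'
    '<input size="120" name="output[0][db_password]" type="password" '
    'value="example-secret"></form>'
)
# Hardened rendering: the stored secret never reaches the browser.
HARDENED_FORM = (
    '<form><input name="output[0][db_user]" type="text" value="centreon">'
    '<input size="120" name="output[0][db_password]" type="password" '
    'value="" autocomplete="new-password"></form>'
)

if __name__ == "__main__":
    print("vulnerable:", find_prefilled_password_fields(VULNERABLE_FORM))
    print("hardened:  ", find_prefilled_password_fields(HARDENED_FORM))
```

Run against the saved HTML of any configuration page in a regression test; a non-empty result means a stored secret is being sent back to every user who can open that form.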


Copyright 2020, cxsecurity.com

 
