what you don't know can hurt you
Showing 1 - 7 of 7 RSS Feed

Files from Andrew Brooks

First Active2012-12-10
Last Active2013-03-07
Verax NMS Password Disclosure
Posted Mar 7, 2013
Authored by Andrew Brooks

From within the Verax NMS Console, users can navigate to monitored devices and perform predefined actions (NMSAction), such as repairing tables on a MySQL database or restarting services. When these actions are initiated, the AMF response from the application leaks the plaintext connection details to the client and may do so over an unencrypted connection. This behavior would allow an unprivileged user to recover sensitive connection details for arbitrary services and applications. All versions of Verax NMS prior to 2.1.0 are vulnerable.

tags | exploit, arbitrary, info disclosure
advisories | CVE-2013-1631
MD5 | 9a44b1713c62f6e602a177799b472ce5
Verax NMS Hardcoded Private Key
Posted Mar 7, 2013
Authored by Andrew Brooks

In versions prior to 2.1.0 of VeraxNMS, the server-side component eadministratorconsole-core-1.5.2.jar, contains a method named decryptPassword(). This method provides the functionality to decrypt a user's password using an implementation of RSA. Within com.veraxsystems.eadministratorconsole.remote.service.impl, it has been discovered that decryptPassword() uses a static, hardcoded private key to facilitate this process. As a result, these passwords should be considered insecure due to the fact that recovering the private key is decidedly trivial.

tags | exploit, remote
advisories | CVE-2013-1352
MD5 | 2b48c0afe36d33916e7967968c5dae7d
Verax NMS Password Replay Attack
Posted Mar 7, 2013
Authored by Andrew Brooks

The primary client-side UI component of Verax NMS is a flash component named clientMain.swf. In addition to the Flash UI, Verax NMS uses AMF remoting for client/server communications. As part of the login process, when a user logs in to the application, two parameters (username and password) are passed to the authenticateUser operation, which is part of the userService destination. Before this information is sent to the server, the password is encrypted client-side using an implementation of RSA. Due to the fact that the private and public keys are hardcoded into clientMain.swf the encrypted password could be captured and replayed against the service by an attacker. All versions of Verax NMS prior to 2.1.0 are vulnerable.

tags | exploit
advisories | CVE-2013-1351
MD5 | b2dcde78d28326efc85549e3aee63984
Verax NMS Authentication Bypass
Posted Mar 7, 2013
Authored by Andrew Brooks

Verax NMS suffers from multiple authentication and authorization flaws which allow a remote attacker to add and delete users, change the passwords of other users, and access other critical application data. All versions of Verax NMS prior to 2.1.0 are vulnerable.

tags | exploit, remote, bypass
advisories | CVE-2013-1350
MD5 | 84ba9340e4eb32c67dac51b3d2776daf
Snare For Linux Password Disclosure
Posted Dec 11, 2012
Authored by Andrew Brooks

Snare for Linux ships with a web interface that can be used for viewing log data and configuring the agent. In the web interface at /remote, a user is able to set a password for remote configuration of the agent. The rendered page contains the field "RemotePassword" with its input type set to password which masks the password in the interface, however this is purely aesthetic. By inspecting the page source and examining the RemotePassword field, it is possible to retrieve the MD5 hash of the current password. Versions prior to 1.7.0 are affected.

tags | advisory, remote, web, info disclosure
systems | linux
advisories | CVE-2011-5247
MD5 | ab2dd036b56c09e64ec61ee5412d6f46
Snare For Linux Cross Site Request Forgery
Posted Dec 10, 2012
Authored by Andrew Brooks

Snare for Linux suffers from a cross site request forgery vulnerability due to a poor implementation of the ChToken. All versions prior to 1.7.0 are vulnerable.

tags | advisory, csrf
systems | linux
advisories | CVE-2011-5250
MD5 | 00f546e73837795cc4855c9535477413
Snare For Linux Cross Site Scripting
Posted Dec 10, 2012
Authored by Andrew Brooks

Snare for Linux suffers from a cross site scripting vulnerability via log injection. All versions prior to 1.7.0 are vulnerable.

tags | exploit, xss
systems | linux
advisories | CVE-2011-5249
MD5 | bdfae478b043963fb87ef3ff9110d5cb
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    0 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close