From within the Verax NMS Console, users can navigate to monitored devices and perform predefined actions (NMSAction), such as repairing tables on a MySQL database or restarting services. When these actions are initiated, the AMF response from the application leaks the plaintext connection details to the client and may do so over an unencrypted connection. This behavior would allow an unprivileged user to recover sensitive connection details for arbitrary services and applications. All versions of Verax NMS prior to 2.1.0 are vulnerable.
66cf40d31f06bbe4131715e1741bd12a91006cb43cdcba0edc044553a2002b0fIn versions prior to 2.1.0 of VeraxNMS, the server-side component eadministratorconsole-core-1.5.2.jar, contains a method named decryptPassword(). This method provides the functionality to decrypt a user's password using an implementation of RSA. Within com.veraxsystems.eadministratorconsole.remote.service.impl, it has been discovered that decryptPassword() uses a static, hardcoded private key to facilitate this process. As a result, these passwords should be considered insecure due to the fact that recovering the private key is decidedly trivial.
55feaa6ff716167b15cd4b70dd26eae40f7ecebefd6e0d42d6e9cc2abd1cd56aThe primary client-side UI component of Verax NMS is a flash component named clientMain.swf. In addition to the Flash UI, Verax NMS uses AMF remoting for client/server communications. As part of the login process, when a user logs in to the application, two parameters (username and password) are passed to the authenticateUser operation, which is part of the userService destination. Before this information is sent to the server, the password is encrypted client-side using an implementation of RSA. Due to the fact that the private and public keys are hardcoded into clientMain.swf the encrypted password could be captured and replayed against the service by an attacker. All versions of Verax NMS prior to 2.1.0 are vulnerable.
0dcca1a483ced42d83d569aae22ac2caf6fbd46bed94681be65657cb8bdfeb3eVerax NMS suffers from multiple authentication and authorization flaws which allow a remote attacker to add and delete users, change the passwords of other users, and access other critical application data. All versions of Verax NMS prior to 2.1.0 are vulnerable.
bfe07f7dcb227f3f168a3a1502d38842ae3975b1fe2cfa6cf4d8fe0fd153f2abSnare for Linux ships with a web interface that can be used for viewing log data and configuring the agent. In the web interface at /remote, a user is able to set a password for remote configuration of the agent. The rendered page contains the field "RemotePassword" with its input type set to password which masks the password in the interface, however this is purely aesthetic. By inspecting the page source and examining the RemotePassword field, it is possible to retrieve the MD5 hash of the current password. Versions prior to 1.7.0 are affected.
cc018c1484894edb98027c4723ebd35f2a2e6b1cbc86beb51f1ce05213c941c0Snare for Linux suffers from a cross site request forgery vulnerability due to a poor implementation of the ChToken. All versions prior to 1.7.0 are vulnerable.
3323c57eabe51f974cc3c72af83508f476be9dbb70cbfeaeac57694f5e5a56fdSnare for Linux suffers from a cross site scripting vulnerability via log injection. All versions prior to 1.7.0 are vulnerable.
d22ada759dcbc1d17dafab44a19f943b1bb0c438c37fb13503433ad75f387109
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed