This Metasploit module exploits an information disclosure vulnerability in Apache Rave 0.20 and prior. The vulnerability exists in the RPC API, which allows any authenticated user to disclose information about all users, including their password hashes. To authenticate, the user can provide their own credentials; the default users installed with Apache Rave 0.20 are also tried automatically. This Metasploit module has been successfully tested on Apache Rave 0.20.
0ee081ebc210103428fee49812e36eeb28870ee37c407fc90e4ae247b331e1bf
Apache Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to authenticated users, but will return all User objects in the database given the correct query. Versions 0.11 through 0.20 are affected.
0fc0f4d0dcf747beda3059f5ac91c70414ea7169915d9f52f748260badb8a8b5