Snare for Linux ships with a web interface that can be used for viewing log data and configuring the agent. In the web interface at /remote, a user is able to set a password for remote configuration of the agent. The rendered page contains the field "RemotePassword" with its input type set to password which masks the password in the interface, however this is purely aesthetic. By inspecting the page source and examining the RemotePassword field, it is possible to retrieve the MD5 hash of the current password. Versions prior to 1.7.0 are affected.
cc018c1484894edb98027c4723ebd35f2a2e6b1cbc86beb51f1ce05213c941c0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed