# Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure # Date: 2020-01-27 # Exploit Author: Fabien AUNAY, Omri Baso # Vendor Homepage: https://www.centreon.com/ # Software Link: https://github.com/centreon/centreon # Version: 19.10.5 # Tested on: CentOS 7 # CVE : - ########################################################################################################### Centreon 19.10.5 Database Credentials Disclosure Trusted by SMBs and Fortune 500 companies worldwide. An industry reference in IT Infrastructure monitoring for the enterprise. Counts 200,000+ ITOM users worldwide and an international community of software collaborators. Presence in Toronto and Luxembourg. Deployed in diverse sectors: - IT & telecommunication - Transportation - Government - Heath care - Retail - Utilities - Finance & Insurance - Aerospace & Defense - Manufacturing - etc. ########################################################################################################### POC: - Configuration / Pollers / Broker configuration -- Central-broker | Central-broker-master --- Output It is possible to discover the unencrypted password with the inspector. DB user centreon DB password ********