ID:1477 - Exploit for Insufficiently protected credentials in EyesOfNetwork - CVE-2020-8657

 

Published: March 18, 2020


Vulnerability identifier: #VU25741
Vulnerability risk: High
CVE-ID: CVE-2020-8657
CWE-ID: CWE-522
Exploitation vector: Remote access
Vulnerable software: EyesOfNetwork

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to obtain the administrator credentials.

The vulnerability exists because every installation uses the same API key by default (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2). A remote attacker can calculate or guess the admin access token.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.