Main Vulnerability Database Vulnerabilities #VU25741

#VU25741 Insufficiently protected credentials in EyesOfNetwork - CVE-2020-8657

Published: March 3, 2020 / Updated: February 20, 2022

Vulnerability identifier: #VU25741

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2020-8657

CWE-ID: CWE-522

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
EyesOfNetwork

Software vendor:
EyesOfNetworkCommunity

Description

The vulnerability allows a remote attacker to obtain the administrator credentials.

The vulnerability exists due to the installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations. A remote attacker can calculate/guess the admin access token.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://github.com/EyesOfNetworkCommunity/eonapi/issues/17

#VU25741 Insufficiently protected credentials in EyesOfNetwork - CVE-2020-8657

Description

Remediation

External links

Please verify you're human