An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html | Exploit Third Party Advisory VDB Entry |
https://github.com/EyesOfNetworkCommunity/eonapi/issues/17 | Third Party Advisory |
Configurations
History
01 Jan 2022, 19:56
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-798 | |
References | (MISC) http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry |
21 Jul 2021, 11:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-0:*:*:*:*:*:*:* |
Information
Published : 2020-02-06 18:15
Updated : 2023-12-10 13:13
NVD link : CVE-2020-8657
Mitre link : CVE-2020-8657
CVE.ORG link : CVE-2020-8657
JSON object : View
Products Affected
eyesofnetwork
- eyesofnetwork
CWE
CWE-798
Use of Hard-coded Credentials