ID CVE-2016-2230 Type cve Reporter NVD Modified 2016-02-25T07:43:50
Description
OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session.
{"openvas": [{"lastseen": "2018-11-21T13:05:36", "references": ["http://openelec.tv", "http://www.kb.cert.org/vuls/id/544527", "https://github.com/RasPlex/RasPlex/issues/453"], "pluginID": "1361412562310807608", "description": "This host is installed with OpenELEC device\n and is prone authentication bypass vulnerability.", "edition": 5, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-03-11T00:00:00", "title": "OpenELEC Authentication Bypass Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Default Accounts", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2230"], "modified": "2018-11-21T00:00:00", "id": "OPENVAS:1361412562310807608", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807608", "sourceData": "###############################################################################\n# $Id: gb_openelec_ssh_auth_bypass_vuln.nasl 12455 2018-11-21 09:17:27Z cfischer $\n#\n# OpenELEC Authentication Bypass Vulnerability\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807608\");\n script_version(\"$Revision: 12455 $\");\n script_cve_id(\"CVE-2016-2230\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-21 10:17:27 +0100 (Wed, 21 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-11 15:05:52 +0530 (Fri, 11 Mar 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_name(\"OpenELEC Authentication Bypass Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with OpenELEC device\n and is prone authentication bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Check if it is possible to login into\n the remote OpenELEC device.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to\n\n - The 'root' account has a password of 'openelec', which is\n publicly known and documented.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain unauthorized root access to affected devices and completely\n compromise the devices..\");\n\n script_tag(name:\"affected\", value:\"OpenELEC Devices.\");\n\n script_tag(name:\"solution\", value:\"Information is available about a\n configuration or deployment scenario that helps to reduce the risk of the\n vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n\n script_xref(name:\"URL\", value:\"http://www.kb.cert.org/vuls/id/544527\");\n script_xref(name:\"URL\", value:\"https://github.com/RasPlex/RasPlex/issues/453\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Default Accounts\");\n script_dependencies(\"find_service.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_xref(name:\"URL\", value:\"http://openelec.tv\");\n exit(0);\n}\n\n\ninclude(\"ssh_func.inc\");\n\nopen_port = get_kb_item(\"Services/ssh\");\nif(!open_port){\n exit(0);\n}\n\nif(!get_port_state(open_port)){\n exit(0);\n}\n\nif(!soc = open_sock_tcp(open_port)){\n exit(0);\n}\n\nlogin = ssh_login (socket:soc, login:'root', password:'openelec', pub:NULL, priv:NULL, passphrase:NULL);\nif(login == 0)\n{\n cmd = ssh_cmd(socket:soc, cmd:\"id\");\n if(ereg(pattern:\"uid=[0-9]+.*gid=[0-9]+\", string:cmd))\n {\n security_message(port:open_port);\n close(soc);\n exit(0);\n }\n}\n\nclose(soc);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T12:49:41", "references": ["http://openelec.tv", "http://www.kb.cert.org/vuls/id/544527", "https://github.com/RasPlex/RasPlex/issues/453"], "pluginID": "1361412562310807609", "description": "This host is installed with Rasplex device and\n is prone authentication bypass vulnerability.", "edition": 5, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-03-11T00:00:00", "title": "Rasplex Authentication Bypass Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Default Accounts", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-2230"], "modified": "2018-11-12T00:00:00", "id": "OPENVAS:1361412562310807609", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807609", "sourceData": "###############################################################################\n# $Id: gb_rasplex_ssh_auth_bypass_vuln.nasl 12313 2018-11-12 08:53:51Z asteins $\n#\n# Rasplex Authentication Bypass Vulnerability\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807609\");\n script_version(\"$Revision: 12313 $\");\n script_cve_id(\"CVE-2016-2230\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-12 09:53:51 +0100 (Mon, 12 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-03-11 15:05:52 +0530 (Fri, 11 Mar 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_name(\"Rasplex Authentication Bypass Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Rasplex device and\n is prone authentication bypass vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Check if it is possible to login into\n the remote Rasplex device.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to\n\n - The 'root' account has a password of 'rasplex', which is\n publicly known and documented.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain unauthorized root access to affected devices and completely\n compromise the devices..\");\n\n script_tag(name:\"affected\", value:\"Rasplex Devices.\");\n\n script_tag(name:\"solution\", value:\"Information is available about a\n configuration or deployment scenario that helps to reduce the risk of the\n vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"Mitigation\");\n\n script_xref(name:\"URL\", value:\"http://www.kb.cert.org/vuls/id/544527\");\n script_xref(name:\"URL\", value:\"https://github.com/RasPlex/RasPlex/issues/453\");\n\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Default Accounts\");\n script_dependencies(\"find_service.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_xref(name:\"URL\", value:\"http://openelec.tv\");\n exit(0);\n}\n\n\ninclude(\"ssh_func.inc\");\n\nras_port = get_kb_item(\"Services/ssh\");\nif(!ras_port){\n exit(0);\n}\n\nif(!get_port_state(ras_port)){\n exit(0);\n}\n\nif(!soc = open_sock_tcp(ras_port)){\n exit(0);\n}\n\nlogin = ssh_login (socket:soc, login:'root', password:'rasplex', pub:NULL, priv:NULL, passphrase:NULL);\nif(login == 0)\n{\n cmd = ssh_cmd(socket:soc, cmd:\"id\");\n if(ereg(pattern:\"uid=[0-9]+.*gid=[0-9]+\", string:cmd))\n {\n security_message(port:ras_port);\n close(soc);\n exit(0);\n }\n}\n\nclose(soc);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
