Vulners
Lucene search
Centreon 19.10.5 Credential Disclosure
`# Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure
# Date: 2020-01-27
# Exploit Author: Fabien AUNAY, Omri Baso
# Vendor Homepage: https://www.centreon.com/
# Software Link: https://github.com/centreon/centreon
# Version: 19.10.5
# Tested on: CentOS 7
# CVE : -
###########################################################################################################
Centreon 19.10.5 Database Credentials Disclosure
Trusted by SMBs and Fortune 500 companies worldwide.
An industry reference in IT Infrastructure monitoring for the enterprise.
Counts 200,000+ ITOM users worldwide and an international community of software collaborators.
Presence in Toronto and Luxembourg.
Deployed in diverse sectors:
- IT & telecommunication
- Transportation
- Government
- Heath care
- Retail
- Utilities
- Finance & Insurance
- Aerospace & Defense
- Manufacturing
- etc.
###########################################################################################################
POC:
- Configuration / Pollers / Broker configuration
-- Central-broker | Central-broker-master
--- Output
It is possible to discover the unencrypted password with the inspector.
DB user centreon
DB password ********
<input size="120" name="output[0][db_password]" type="password" value="ZVy892xx">
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Jan 2020 00:00Current
7.4High risk
Vulners AI Score7.4