WebNMS Framework 5.2SP1 Information Disclosure

Summary

WebNMS is an industry-leading used to build network management applications architecture. Storage of the password using a vulnerable confused with the encryption algorithm, combined with File Download vulnerability to obtain the password in plain text.

Vulnerability details

./ conf/securitydbData.xml the file is stored in the login user name and password. And the password obfuscation algorithm can be easily decrypted. Use CVE-2016-6601 File Download vulnerability to download files: GET /servlets/FetchFile?fileName=conf/securitydbData.xml The default content in the root user’s password decrypted for the public.

The decryption algorithm in the poc code verification.

Download the official Windows trial version software testing by: http://www.webnms.com/webnms/14107380/WebNMS_Framework_5_STD_Windows.exe

Other information

• Vulnerability discovered by: Pedro Ribeiro
• CVE number: CVE-2016-6602
• Affect version:<= 5. 2SP1