CVE-2010-4279
CVE-2010-4279
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.
Affected products
n/a · n/apublic PoCs found — 5
cve_referencepacketstormsecurity.com/files/129830/Pandora-3.1-Auth-Bypass-Arbitrary-File-Upload.htmlunverifiedcve_referencewww.exploit-db.com/exploits/35731/unverifiedcve_referencewww.exploit-db.com/exploits/15639unverifiedexploitdbwww.exploit-db.com/exploits/35731unverifiedexploitdbwww.exploit-db.com/exploits/15639unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://osvdb.org/69549http://packetstormsecurity.com/files/129830/Pandora-3.1-Auth-Bypass-Arbitrary-File-Upload.htmlhttp://seclists.org/fulldisclosure/2010/Nov/326http://secunia.com/advisories/42347http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/downloadhttps://www.exploit-db.com/exploits/35731/http://www.exploit-db.com/exploits/15639http://www.securityfocus.com/archive/1/514939/100/0/threadedhttp://www.securityfocus.com/bid/45112