Jenkins HP Application Automation Tools Plugin Password Encryption Security Weakness

medium Nessus Plugin ID 73302

Synopsis

The remote host is affected by a password disclosure vulnerability.

Description

The remote host is running the Jenkins HP Application Automation Tools plugin. Nessus was able to remotely access one or more unprotected files in the Jenkins build system and decrypt the stored HP Application Lifecycle Management (ALM) password. The plugin encrypts these passwords with a known, hard-coded key, so anyone who can read the files can recover the plaintext password.
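The following is an added illustration, not code from the HP Application Automation Tools plugin or from Tenable. It models the weakness described above: a password "encrypted" under a key that is hard-coded in the plugin is recoverable by anyone who can read the Jenkins job files, because the key ships with the plugin and is therefore public. The hardened variant keys the cipher from a per-instance secret that is never stored next to the ciphertext (the general approach Jenkins itself takes for its own credentials, with a master key under JENKINS_HOME/secrets). All names, keys and the cipher are constructed for this example; the cipher is a toy (HMAC-SHA256 keystream XOR with an HMAC tag) chosen only so the example runs with the standard library, and real code should use a vetted AEAD.

```python
"""Added illustration of the hard-coded-key weakness; not the plugin's own code.

Toy encrypt-then-MAC cipher (HMAC-SHA256 keystream XOR + HMAC tag) so the
example runs with the standard library only. All keys and names are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Optional

NONCE_LEN = 16
TAG_LEN = 32

# Assumption: the plugin ships with this key compiled in. Anyone who downloads
# the plugin can read it, so it is public knowledge, not a secret.
HARDCODED_PLUGIN_KEY = b"constructed-key-baked-into-the-plugin"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes as HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then strip the keystream. Raises ValueError on a wrong key."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    ks = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


# --- Weak scheme: the situation the plugin description reports --------------

def store_alm_password_weak(password: str) -> bytes:
    """How a plugin with a hard-coded key would write the password into a job file."""
    return encrypt(HARDCODED_PLUGIN_KEY, password.encode())


def attacker_recover_weak(config_blob: bytes) -> str:
    """Attacker who has only the job file plus the (public) plugin key."""
    return decrypt(HARDCODED_PLUGIN_KEY, config_blob).decode()


# --- Hardened scheme: key derived from a per-instance secret -----------------

def derive_password_key(instance_master_secret: bytes) -> bytes:
    """Bind the password key to a secret that exists only on this Jenkins
    instance (kept outside the job files, readable by the service user only)."""
    return hmac.new(instance_master_secret, b"alm-password-key", hashlib.sha256).digest()


def store_alm_password_keyed(password: str, instance_master_secret: bytes) -> bytes:
    return encrypt(derive_password_key(instance_master_secret), password.encode())


def attacker_recover_keyed(config_blob: bytes) -> Optional[str]:
    """Same attacker, same knowledge: the plugin key no longer decrypts anything."""
    try:
        return decrypt(HARDCODED_PLUGIN_KEY, config_blob).decode()
    except ValueError:
        return None


if __name__ == "__main__":
    weak_blob = store_alm_password_weak("alm-Pa55word")
    print("weak scheme, attacker recovers:", attacker_recover_weak(weak_blob))

    master_secret = secrets.token_bytes(32)  # constructed stand-in for an instance secret
    keyed_blob = store_alm_password_keyed("alm-Pa55word", master_secret)
    print("keyed scheme, attacker recovers:", attacker_recover_keyed(keyed_blob))
```

In the weak scheme the ciphertext in the job file is exactly as sensitive as the plaintext, which is why the only available workaround is to restrict who can read those files; in the keyed scheme an attacker needs the instance secret as well, which a correct deployment keeps out of the build system entirely.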

Solution

There are no known patches for this issue. As a workaround, restrict access to affected systems. Because the stored password can be recovered by anyone who was able to read the affected files, treat it as exposed and change the ALM password once access has been restricted.

See Also

http://www.nessus.org/u?6db2b6e6

Plugin Details

Severity: Medium

ID: 73302

File Name: jenkins_hp_alm_password_disclosure.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 4/2/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:cloudbees:jenkins

Required KB Items: www/Jenkins

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 4/8/2013

Reference Information

BID: 64621