Pandora FMS Console Authentication Bypass

high Nessus Plugin ID 50861

Synopsis

A web console on the remote host is affected by an authentication bypass vulnerability.

Description

The Pandora FMS console hosted on the remote web server is affected by an authentication bypass vulnerability. The 'auto login (hash) password' feature allows third parties to authenticate using a combination of a username and a shared secret. This shared secret is undefined by default, which means it is possible to authenticate solely by providing the hash of a valid username.

A remote attacker can exploit this issue to access the console as admin.

This version of Pandora FMS is also affected by other vulnerabilities; however, Nessus has not tested for those issues.

Solution

Apply the security fix for Pandora FMS 3.1, or upgrade to version 3.1.1 or later.

See Also

http://openideas.info/smf/index.php/topic,1825.0.html

http://openideas.info/smf/index.php/topic,2083.0.html

Plugin Details

Severity: High

ID: 50861

File Name: pandora_fms_auth_bypass.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 12/1/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:artica:pandora_fms

Required KB Items: installed_sw/Pandora FMS

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 11/30/2010

Vulnerability Publication Date: 11/30/2010

Exploitable With

Metasploit (Pandora FMS v3.1 Auth Bypass and Arbitrary File Upload Vulnerability)

Reference Information

CVE: CVE-2010-4279

BID: 45112