HP OpenView Performance Insight Server Backdoor Account

high Nessus Plugin ID 51850

Synopsis

It is possible to log on the remote web application by using a hidden account.

Description

Nessus was able to log into the remote HP OpenView Performance Insight system using a hidden account. The 'hch908v' user, hard-coded in the 'com.trinagy.security.XMLUserManager' class, is hidden and has administrative privileges.

A remote attacker could exploit this by logging in as the hidden user and gain administrative access to the Performance Insight installation.

After gaining administrative access to the web application, escalation of privileges may be possible. Nessus has not checked for that issue.

Solution

Apply the hotfix referenced in the HP advisory.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-11-034/

http://www.nessus.org/u?84978b0a

Plugin Details

Severity: High

ID: 51850

File Name: hp_openview_perf_insight_backdoor.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 2/2/2011

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:hp:openview_performance_insight

Required KB Items: www/hp_ovpi

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/31/2011

Vulnerability Publication Date: 1/31/2011

Exploitable With

Core Impact

Metasploit (HP OpenView Performance Insight Server Backdoor Account Code Execution)

Reference Information

CVE: CVE-2011-0276

BID: 46079

Secunia: 43145