HP OpenView Performance Insight Server Backdoor Account

High severity, Nessus Network Monitor Plugin ID 5754

Synopsis

The remote host contains a web application that has a hidden account.

Description

The installation of HP OpenView Performance Insight on the remote host allows logins through a hidden account. The 'hch908v' user, hardcoded in the com.trinagy.security.XMLUserManager class, is hidden and has administrative privileges. A remote, unauthenticated attacker could exploit this by logging in as the hidden user, which gives them administrative access to the Performance Insight installation. After gaining administrative access to the web application, escalation of privileges may be possible.

Solution

Apply the hotfix referenced in the HP advisory.

See Also

http://www.zerodayinitiative.com/advisories/ZDI-11-034

http://www.nessus.org/u?ad278cb7

Plugin Details

Severity: High

ID: 5754

Family: CGI

Published: 2/1/2011

Updated: 3/6/2019

Nessus ID: 51850

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:hp:openview_performance_insight

Patch Publication Date: 1/31/2011

Vulnerability Publication Date: 1/31/2011

Exploitable With

Metasploit (HP OpenView Performance Insight Server Backdoor Account Code Execution)

Reference Information

CVE: CVE-2011-0276

BID: 46079