
CVE-2024-1302 PoC — Badger Meter Monitool Information Disclosure Vulnerability

Source
Associated Vulnerability
Title: Badger Meter Monitool Information Disclosure Vulnerability (CVE-2024-1302)
Description: Badger Meter Monitool is a tool from Badger Meter for monitoring and managing water systems. Badger Meter Monitool 4.6.3 and earlier contain an information disclosure vulnerability: the application's file parameter can be changed to point at a log file, thereby obtaining all sensitive information.
Description
POC Badgermeter moni tool - CVE-2024-1302
Readme
# CVE-2024-1302 --- Badgermeter moni tool - Sensitive information exposure
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool

CVE-2024-1302: 7.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N | CWE-200.

**Software link**: https://www.s-can.at/en/product/monitool/

**Version**: 4.6.3

**@author**: Guillermo García Molina

**Description**: In s:can moni:tools up to and including version 4.6.3, an unauthenticated attacker could download log files from the application, obtaining sensitive information stored in them.

## POC

The authenticated menu of the moni::tools device includes a function for downloading log files. However, authentication is not actually required to perform these requests and download the files, which are prone to contain sensitive information such as internal directory paths or database errors.

The following picture shows the request sent to the endpoint log-logfile-download.x, with the database log file /var/log/postgresql/postgresql-9.6-main.log supplied in the file parameter. As can be seen, no cookies are included in the request headers:

![image](https://github.com/guillermogm4/CVE-2024-1302---Badgermeter-moni-tool-Incorrect-Access-Control/assets/26895345/a2635176-5707-4717-843f-bdddf5aa38cd)
 
Once the unauthenticated request is performed, the following server response is received, including the postgresql-9.6-main.log file content.
 
![image](https://github.com/guillermogm4/CVE-2024-1302---Badgermeter-moni-tool-Sensitive-information-exposure/assets/26895345/f7a86c98-d776-4175-a775-ffc246392f8a)

This confirms an incorrect access control vulnerability that allows an unauthenticated attacker to download sensitive log files.
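The two defects the advisory describes are a missing authentication check on the download endpoint and a `file` parameter that accepts arbitrary paths. The handler below is an added example, not moni::tools code or the author's PoC; it assumes a hypothetical `Request` object carrying a session flag, a constructed `LOG_DIR` holding the only downloadable logs, and that logs are addressed by bare file name. It shows the order of checks a hardened version of such an endpoint needs: authenticate first, then confine the requested name to the log directory.

```python
"""Hardened log-download handler (added example, not the product's code).

Assumptions that are not from the advisory: the downloadable logs live in one
directory (LOG_DIR), are referenced by bare file name only, and the web
framework exposes an authenticated-session flag on the request.
"""
import os
import tempfile
from dataclasses import dataclass
from typing import Optional

# Constructed sample log directory with one harmless log file, so the example
# runs offline. The real product's log layout is unknown.
LOG_DIR = tempfile.mkdtemp(prefix="monitool-logs-")
with open(os.path.join(LOG_DIR, "application.log"), "w") as fh:
    fh.write("2024-01-01 00:00:00 INFO application started\n")


@dataclass
class Request:
    """Minimal stand-in for a web request (hypothetical shape)."""
    authenticated: bool          # whether a valid session cookie was presented
    file_param: Optional[str]    # value of the 'file' query parameter


@dataclass
class Response:
    status: int
    body: str


def handle_logfile_download(req: Request) -> Response:
    """Serve a log file only to an authenticated session and only from LOG_DIR."""
    # 1. Authentication first. The vulnerable endpoint answered without any
    #    session at all, which is the core of CVE-2024-1302.
    if not req.authenticated:
        return Response(401, "authentication required")
    if not req.file_param:
        return Response(400, "missing file parameter")

    # 2. Accept a bare file name only: no absolute paths, no directory
    #    components, no '.' or '..'. Rejecting these up front means
    #    '/var/log/postgresql/postgresql-9.6-main.log' never reaches the
    #    filesystem, even for an authenticated user.
    name = req.file_param
    if os.path.isabs(name) or os.path.basename(name) != name or name in (".", ".."):
        return Response(400, "invalid file name")

    # 3. Resolve the final path and confirm it is still inside LOG_DIR
    #    (defence in depth against symlinks or platform path quirks).
    base = os.path.realpath(LOG_DIR)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base or not os.path.isfile(target):
        return Response(404, "no such log file")

    with open(target, "r", errors="replace") as fh:
        return Response(200, fh.read())


if __name__ == "__main__":
    # Constructed requests mirroring the advisory's unauthenticated download.
    cases = [
        Request(False, "/var/log/postgresql/postgresql-9.6-main.log"),
        Request(True, "/var/log/postgresql/postgresql-9.6-main.log"),
        Request(True, "../../etc/passwd"),
        Request(True, "application.log"),
    ]
    for case in cases:
        resp = handle_logfile_download(case)
        print(f"auth={case.authenticated!s:5} file={case.file_param!r:50} -> {resp.status}")
```

Note that the authentication check comes before any look at the parameter, so an unauthenticated caller learns nothing about which file names exist; the name validation then applies equally to authenticated users, which is what closes the second half of the weakness.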
File Snapshot

[4.0K] /data/pocs/322f389789bfc334f73ab079ed9e2ad32c1c6811
└── [1.7K] README.md

0 directories, 1 file