CVE-2018-19466 PoC — Portainer 信任管理问题漏洞

Source

Associated Vulnerability

Title:Portainer 信任管理问题漏洞 (CVE-2018-19466)
Description:Portainer是一款用于管理Docker环境和Docker主机的轻量级用户管理界面。 Portainer 1.20.0之前版本中存在安全漏洞。攻击者可利用该漏洞检索所存储的LDAP证书。

Description

LEMPO (Ldap Exposure on POrtainer) is an exploit for CVE-2018-19466 (LDAP Credentials Disclosure on Portainer). Featured @ DevFest Siberia 2018

Readme

# Lempo: LDAP Exposure on POrtainer
# CVE-2018-19466 | Mauro Eldritch AKA plaguedoktor

```
./lempo.rb TARGET_IP TARGET_USER TARGET_PASSWORD
```
This exploit is a complement to my talk [Hacking Docker with PAZUZU](https://github.com/MauroEldritch/PAZUZU).

![PoC](https://github.com/MauroEldritch/lempo/blob/master/media/cve-2018-19466.png)

## Presentations

|#| Date | Conference | Link to Video | Link to Slides |
|---|---|---|---|---|
|1| NOV-2018 | DEVFEST Siberia | TBA | https://drive.google.com/open?id=1uXFrLTIIdrypM4ECQxIYF1dz2iVf1OG6w09eB_KkFnA |

Issued patched by the software authors @ portainer.io via [portainer/portainer#2488](https://github.com/portainer/portainer/pull/2488)

[MITRE CVE Announcement](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19466)

File Snapshot


 [4.0K]  /data/pocs/4445dc9d3f8b709541f2528f488cdbeb0a5c0805
├── [1.3K]  lempo.rb
├── [4.0K]  media
│   ├── [1.6M]  cve-2018-19466.mp4
│   ├── [ 42K]  cve-2018-19466_patched.png
│   ├── [1.6M]  cve-2018-19466_patch.mp4
│   └── [ 39K]  cve-2018-19466.png
└── [ 783]  README.md

1 directory, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!