CVE-2021-3130 PoC — Opmantek Open-AudIT 安全漏洞

Source

https://github.com/jet-pentest/CVE-2021-3130

Associated Vulnerability

Title:Opmantek Open-AudIT 安全漏洞 (CVE-2021-3130)
Description:Opmantek Open-AudIT是美国Opmantek公司的一款开源的网络发现和审计程序。该程序能够智能扫描网络和网络设备，并提供状态报告。 Open-AudIT up to version 3.5.3 存在安全漏洞，该漏洞源于web界面使用HTML“密码字段”混淆，向用户隐藏SSH秘密、Windows密码和SNMP字符串。通过使用开发人员工具或类似工具，可以更改模糊处理，使凭据可见。

Readme

# CVE-2021-3130

[Suggested description]

Within the Open-AudIT up to 4.0.2 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

[Vulnerability Type]

Insufficiently Protected Credentials

[Vendor of Product]

Open-AudIT by Opmantek

[Affected Product Code Base]

Open-AudIT up to version 3.5.3.

[Attack Type]

Remote

[Impact Code execution]

false

[Has vendor confirmed or acknowledged the vulnerability?]

true

[Reference]

https://opmantek.com/network-discovery-inventory-software/

[Discoverer]

Vsevolod Shamov (Jet Infosystems (jet.su), Moscow, Russia)

File Snapshot


 [4.0K]  /data/pocs/b237479c9e558be2fe70c4c8aa0845019842fde1
└── [ 764]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!