CVE-2020-5248 PoC — Teclib GLPI Trust Management Issue Vulnerability

Source
Associated Vulnerability
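Title: Teclib GLPI Trust Management Issue Vulnerability (CVE-2020-5248)
Description: Teclib GLPI is an open-source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, process management and work log management. A trust management issue vulnerability exists in Teclib GLPI versions before 9.4.6. The vulnerability stems from the lack of an effective trust management mechanism in the network system or product. An attacker can exploit default passwords, hard-coded passwords, hard-coded certificates and the like to attack affected components.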
Description
Proof of Concept (PoC) for CVE-2020-5248.
Readme
## CVE-2020-5248
Proof of Concept (PoC) for CVE-2020-5248.

## Summary
GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance, which means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI, but on existing instances data must be re-encrypted with the new key. The problem is that we cannot know which columns or rows in the database are using it, especially those from plugins. Changing the key without updating the data would result in bad passwords being sent from GLPI, but storing them again from the UI will work.

## PoC:
Replace the "INSERT_COIN" string with the one that you would like to decrypt at https://github.com/indevi0us/CVE-2020-5248/blob/main/decrypt_any.php.

## References:
* https://github.com/glpi-project/glpi/security/advisories/GHSA-j222-j9mf-h6j9
* https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c
* https://offsec.almond.consulting/multiple-vulnerabilities-in-glpi.html
File Snapshot

[4.0K] /data/pocs/cdd6d615982042ad31a4b4145da4b472e1a919d4
├── [ 391] decrypt_any.php
└── [1.0K] README.md

0 directories, 2 files