HP AdvanceStack Switch绕过管理认证漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106608 漏洞类型 未知
发布时间 2002-02-08 更新时间 2005-08-17
CVE编号 CVE-2002-0250 CNNVD-ID CNNVD-200205-056
漏洞平台 Hardware CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/21285
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200205-056
|漏洞详情
HPAdvanceStack10Base-T交换Hub组合了10Base-T功能和交换特性。HPAdvanceStack10Base-T交换Hub存在漏洞,一个非特权的用户可能绕过验证直接访问管理web页面。由于没有限制未授权用户对"/security/web_access.html的访问",攻击者可以直接访问上述页面修改设备的超级用户口令,以及以管理员权限访问设备。另外,所有的验证信息将暴露给攻击者。
|漏洞EXP
source: http://www.securityfocus.com/bid/4062/info

HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with the performance of switching.

It has been reported that authentication for HP J3210A 10Base-T Switching Hubs may be bypassed by an unprivileged user who accesses one of the administrative web pages directly.

The attacker may allegedly change the superuser password of the device via this interface and gain access to the administrative facilities of the device. Additionally, authentication credentials are disclosed to the attacker.

*Reportedly, the password is stored in plain text and can be revealed by viewing the source of the web page. 

http://host/security/web_access.html
|参考资料

来源:XF
名称:hp-advancestack-bypass-auth(8124)
链接:http://www.iss.net/security_center/static/8124.php
来源:HP
名称:HPSBUX0202-185
链接:http://online.securityfocus.com/advisories/3870
来源:BID
名称:4062
链接:http://www.securityfocus.com/bid/4062
来源:BUGTRAQ
名称:20020208HewlettPackardAdvanceStackSwitchManagmentAuthenticationBypassVulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101318469216213&w=2