Problem report
Resolution: Cannot Reproduce
Major
None
3.0.26
None
A security concern has been found during scanning. I hope someone can provide a solution for this. The description is as below:
Potential Vulnerabilities:
Urgent Presence of this vulnerability might enable intruders to compromise the web application's data store,
obtain information from other users' accounts, or obtain command execution on a host in the web
application's architecture. For example in this scenario, the web application users can potentially be
targeted if the application is exploited.
application, which should never expose a user's authentication credentials.
Impact
The web application exposes a user's password outside of the login process. A user's password should never be reused, reflected, or otherwise present in web
traffic except during the authentication process.
Solution
The password should only be transferred during an authentication process. It should be stored by the web application in a hashed format using a strong hashing
algorithm that includes a salt or a mechanism like PBKDF2. A strong pseudo-random token should be used in place of the password or its hash if the value must
be transferred during a transaction other than authentication. All traffic that involves an authenticated user should use HTTPS or HTTP Strict Transport Security
(HSTS).
Detection Information
Parameter: No param has been required for detecting the information.
Authentication: In order to detect this vulnerability, no authentication has been required.
Access Path: Here is the path followed by the scanner to reach the exploitable URL:
https://10.76.62.72:8443/zabbix/
https://10.76.62.72:8443/zabbix/zabbix.php?action=dashboard.view
https://10.76.62.72:8443/zabbix/search.php
Payloads
#1 Request
Payload: Password is plaintext
Request: GET https://10.76.62.72:8443/zabbix/search.php?sid=5a7ef109c3904d2b&form_refresh=1&search=1
#1 Referer: https://10.76.62.72:8443/zabbix/
#2 Cookie: zbx_sessionid=67863bdbc6e604de5a7ef109c3904d2b; PHPSESSID=l456g9p4tc3b8a79ko3nnohbe3;
Click this link to try to reproduce the vulnerability using above payload. Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.
#1 Response
comment: Matched link.
://10.76.62.72:8443/******/search.php?sid=5a7ef109c3904d2b&form_refresh=1&search=1