QwikSec

Security Database

CVE

CWE

Training

CVE-2016-6602

Published: Jan 23, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20160812 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1

mailing-list

x_refsource_FULLDISC

https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

20160808 [CVE-2016-6600/1/2/3]: Multiple vulnerabilities (RCE, file download, etc) in WebNMS Framework 5.2 / 5.2 SP1

mailing-list

x_refsource_BUGTRAQ

http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure

x_refsource_MISC

http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html

x_refsource_MISC

https://blogs.securiteam.com/index.php/archives/2712

x_refsource_MISC

https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2016-6602 - Security Vulnerability | QwikSec