44 lines
1.6 KiB
YAML
44 lines
1.6 KiB
YAML
id: ruijie-password-leak
|
|
|
|
info:
|
|
name: RG-UAC Ruijie - Password Hashes Leak
|
|
author: ritikchaddha,galoget
|
|
severity: high
|
|
description: |
|
|
Multiple Firewall Devices from vendor Ruijie Networks are affected by an information leakage vulnerability where credentials are included in the source code of the web admin login interface (usernames, roles, MD5 hashes and additional details of each user). Attackers can use this information to illegally access into the vulnerable devices, obtain sensitive device information and change configurations. The vulnerability is identified by CNVD-2021-14536.
|
|
reference:
|
|
- https://forum.butian.net/share/177
|
|
- https://www.ruijie.com.cn/gy/xw-aqtg-zw/86924/
|
|
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-14536
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
shodan-query: http.html:"Get_Verify_Info"
|
|
tags: password,leak,ruijie,exposure,firewall,router
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'contains(tolower(body), ''\"role\":\"super_admin\"'')'
|
|
- 'contains(tolower(body), ''\"role\":\"guest_admin\"'')'
|
|
- 'contains(tolower(body), ''\"role\":\"reporter_admin\"'')'
|
|
condition: or
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
extractors:
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- '"password":"[a-f0-9]{32}'
|
|
|
|
# digest: 4a0a00473045022100ad8282043940d24e4d17f325901dcf37716cb6e52ca87cbba8b52b058e6a5e7b022068bd867a83a8518a891d99021df48a2f6a63da2875b78e7ff16f140917938b39:922c64590222798bb761d5b6d8e72950
|