ID CVE-2012-4933
Summary The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.
References
Vulnerable Configurations
  • Novell ZENworks Asset Management 7.5
    cpe:2.3:a:novell:zenworks_asset_management:7.5
CVSS
Base: 7.8 (as of 22-10-2012 - 10:40)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality COMPLETE
Integrity NONE
Availability NONE
metasploit via4
  • description This module exploits a hardcoded user and password for the GetConfig maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to retrieve the configuration parameters of Novell ZENworks Asset Management, including the database credentials in clear text. This module has been successfully tested on Novell ZENworks Asset Management 7.5.
    id MSF:AUXILIARY/SCANNER/HTTP/ZENWORKS_ASSETMANAGEMENT_GETCONFIG
    last seen 2019-02-10
    modified 2017-08-27
    published 2012-10-15
    reliability Normal
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/zenworks_assetmanagement_getconfig.rb
    title Novell ZENworks Asset Management 7.5 Configuration Access
  • description This module exploits a hardcoded user and password for the GetFile maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to retrieve a maximum of 100_000_000 KB of remote files. This module has been successfully tested on Novell ZENworks Asset Management 7.5.
    id MSF:AUXILIARY/SCANNER/HTTP/ZENWORKS_ASSETMANAGEMENT_FILEACCESS
    last seen 2019-03-29
    modified 2017-07-24
    published 2012-10-15
    reliability Normal
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/zenworks_assetmanagement_fileaccess.rb
    title Novell ZENworks Asset Management 7.5 Remote File Access
nessus via4
NASL family CGI abuses
NASL id NOVELL_ZENWORKS_ASSET_MANAGEMENT_ARBITRARY_INFORMATION_DISCLOSURE.NASL
description The remote host has a version of Novell ZENworks Asset Management that is affected by an arbitrary information disclosure vulnerability. The 'GetFile_Password' maintenance call in '/rtrlet/rtr' is protected by a set of known, hard-coded credentials. This maintenance call can be utilized by an attacker to disclose arbitrary files accessible with SYSTEM privileges on the remote host via a specially crafted POST request. Although Nessus did not attempt to execute it, the associated maintenance call 'GetConfigInfo_Password' is also protected by a set of hard-coded credentials in this version of Novell ZENworks Asset Management. It could allow a remote attacker to view the Novell ZENworks Configuration Management configuration parameters.
last seen 2019-02-21
modified 2018-06-13
plugin id 62704
published 2012-10-25
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=62704
title Novell ZENworks Asset Management rtrlet Component GetFile_Password Method Hardcoded Credentials Information Disclosure
refmap via4
cert-vn VU#332412
misc https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks
sectrack 1027682
xf novell-zam-info-disclosure(79252)
Last major update 13-02-2013 - 23:57
Published 20-10-2012 - 14:55
Last modified 28-08-2017 - 21:32