Add exploit for CVE-2020-11857: Hardcoded SSH password on Micro Focus Operations Bridge Manager #15086
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This all looks good to me, I tested the module as much as I could without a target and everything looks correct. Would you be able to send that PCap and then I can get this landed. When you do send the PCap can you include the text output too? Thanks! |
smcintyre-r7
added a commit
that referenced
this pull request
Apr 29, 2021
|
Nevermind, I see you already shared the PCaps. I took a look through there and yup, that's an SSH connection. Everything looks good here so I've landed the PR with just some minor changes to the documentation. Thanks for this contribution! |
Release NotesNew module |
|
awesome, thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This module abuses a known default password on Micro Focus Operations Bridge Reporter.
The 'shrboadmin' user, installed by default by the product has the password of 'shrboadmin', and allows an attacker to login to server via SSH.
This module has been tested with Micro Focus Operations Bridge Manager 10.40. Earlier versions are most likely affected too, but have not been tested with this module.
Vuln details:
https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBR.md
I believe you won't be able to test this unless you can get your hands on the vulnerable software, let me know if you require pcap and I'll send to you!