当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0170246

漏洞标题:中国移动某运维研发工具多个后台弱口令可导致多个应用数据代码泄露

相关厂商:中国移动

漏洞作者: krbl

提交时间:2016-01-16 12:26

修复时间:2016-03-04 13:27

公开时间:2016-03-04 13:27

漏洞类型:服务弱口令

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-01-16: 细节已通知厂商并且等待厂商处理中
2016-01-20: 厂商已经确认,细节仅向厂商公开
2016-01-30: 细节向核心白帽子及相关领域专家公开
2016-02-09: 细节向普通白帽子公开
2016-02-19: 细节向实习白帽子公开
2016-03-04: 细节向公众公开

简要描述:

详细说明:

中国移动某业务研发集合多个后台弱口令,涉及Review Board—在线代码审查工具,JIRA--缺陷跟踪管理工具,Jenkins--持续集成工具....可内网

http://**.**.**.**

(中国移动物联网公司)
一:Jenkins持续集成工具
http://**.**.**.**:8080/login test test 登陆后查看用户 得到有弱口令权限用户:wangwei wangwei

捕获.PNG


Result
bond-mgmt Link encap:Ethernet HWaddr 10:51:72:4E:06:C5
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
bond-prod Link encap:Ethernet HWaddr 34:00:A3:00:3B:9C
inet addr:**.**.**.** Bcast:**.**.**.** Mask:**.**.**.**
inet6 addr: fe80::3600:a3ff:fe00:3b9c/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:117005870 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:128264315494 (119.4 GiB) TX bytes:0 (0.0 b)
eth0 Link encap:Ethernet HWaddr 10:51:72:4E:06:C5
UP BROADCAST SLAVE MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Memory:94880000-948fffff
eth1 Link encap:Ethernet HWaddr 10:51:72:4E:06:C5
UP BROADCAST SLAVE MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Memory:94800000-9487ffff
eth2 Link encap:Ethernet HWaddr 34:00:A3:00:3B:9C
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:116869364 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:128255334323 (119.4 GiB) TX bytes:0 (0.0 b)
eth3 Link encap:Ethernet HWaddr 34:00:A3:00:3B:9C
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:136506 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8981171 (8.5 MiB) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:**.**.**.** Mask:**.**.**.**
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:75860506 errors:0 dropped:0 overruns:0 frame:0
TX packets:75860506 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:38896375947 (36.2 GiB) TX bytes:38896375947 (36.2 GiB)


二:Review Board—在线代码审查工具
http://**.**.**.**:8086/dashboard/ zhangwei zhangwei

a.PNG


B.PNG


c.PNG


QQ图片20160110000554.png


QQ图片20160112131751.png


三:JIRA缺陷跟踪管理工具
http://**.**.**.**:8085/secure/Dashboard.jspa

d.PNG


漏洞证明:

一:Jenkins持续集成工具
http://**.**.**.**:8080/login test test 登陆后查看用户 得到有弱口令权限用户:wangwei wangwei

捕获.PNG


Result
bond-mgmt Link encap:Ethernet HWaddr 10:51:72:4E:06:C5
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
bond-prod Link encap:Ethernet HWaddr 34:00:A3:00:3B:9C
inet addr:**.**.**.** Bcast:**.**.**.** Mask:**.**.**.**
inet6 addr: fe80::3600:a3ff:fe00:3b9c/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:117005870 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:128264315494 (119.4 GiB) TX bytes:0 (0.0 b)
eth0 Link encap:Ethernet HWaddr 10:51:72:4E:06:C5
UP BROADCAST SLAVE MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Memory:94880000-948fffff
eth1 Link encap:Ethernet HWaddr 10:51:72:4E:06:C5
UP BROADCAST SLAVE MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Memory:94800000-9487ffff
eth2 Link encap:Ethernet HWaddr 34:00:A3:00:3B:9C
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:116869364 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:128255334323 (119.4 GiB) TX bytes:0 (0.0 b)
eth3 Link encap:Ethernet HWaddr 34:00:A3:00:3B:9C
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:136506 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8981171 (8.5 MiB) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:**.**.**.** Mask:**.**.**.**
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:75860506 errors:0 dropped:0 overruns:0 frame:0
TX packets:75860506 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:38896375947 (36.2 GiB) TX bytes:38896375947 (36.2 GiB)


二:Review Board—在线代码审查工具
http://**.**.**.**:8086/dashboard/ zhangwei zhangwei

a.PNG


B.PNG


c.PNG


QQ图片20160110000554.png


QQ图片20160112131751.png


三:JIRA缺陷跟踪管理工具
http://**.**.**.**:8085/secure/Dashboard.jspa

d.PNG


修复方案:

不懂

版权声明:转载请注明来源 krbl@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:9

确认时间:2016-01-20 10:07

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT向中国移动集团公司通报,由其后续协调网站管理部门处置.

最新状态:

暂无


漏洞评价:

评价