![]() Many network monitoring tools include the capability of running external programs as part of a “notification” as a feature. I was now pretty excited as network monitoring tools are typically a quick path to full domain compromise. I quickly navigated to the documentation for the tool and found the default credentials of “prtgadmin / prtgadmin”: I was hopeful, as network monitoring tools are valuable targets that by definition have connectivity to most other systems and can often execute programs as part of their alerting/notification features. ![]() I was browsing through the available web applications and came across the PRTG network monitoring tool on one of the hosts. I was performing a penetration test recently and really hadn’t found much on the scoped servers and other systems, so I began reviewing accessible services and applications to target for default/weak credential testing. I finally have time to disclose this issue. ![]() More details on the release can be found here. The patch was released on Apand the vulnerability was assigned a CVE of CVE-2018-9276. I agreed to wait at least 90 days to disclose the vulnerability, to give the company time to fix it and their customer’s time to apply the patch. This vulnerability was discovered and reported to Paessler AG, the company that develops the application. This post is as much about the penetration testing process and mindset as it is about the vulnerability I discovered in a network monitoring program called PRTG Network Monitor.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |