Serious vulnerabilities in HPE SiteScope found

19.06.2017

hpe-sitescope-vulnerabilities

 

Several potentially serious vulnerabilities in HPE SiteScope were identified. There are no patches yet, so to prevent hacker attacks, users need to apply workarounds.

HPE SiteScope is a performance and availability monitoring software for distributed IT infrastructures, including servers, network services, applications, and operating systems.

The cybersecurity specialist Richard Kelley has discovered several vulnerabilities in product version 11.31.461.

Kelley has noticed that the company has not yet released patches for a critical remote code execution vulnerability disclosed in 2012 and for which a Metasploit is available.

HPE recommends that users prevent attacks by setting a specific flag in the “groups/master.config” file to disable old APIs.

“I wonder how many admins know about this setting, and why wouldn’t HPE just remove the old APIs from new versions if they are no longer needed?” Kelley said.

The expert has also discovered that the credentials stored in the configuration files are encrypted, but the encryption key is hardcoded and allows the hacker to get the password needed to log into the SiteScope interface with administrator privileges.

Once the hacker has access to the administration interface, he can get the credentials for the Linux and Windows servers that are monitored via SiteScope. The admin interface shows the passwords only as dots, but the actual password is transmitted in clear text over an insecure connection to the client, allowing man-in-the-middle attack to be used to steal the information easily.

HPE said it plans to solve the problem of insecure transmission of credentials in the third quarter of the year. The company also pointed out that the encryption-related problems are covered in chapter 20 of the SiteScope deployment guide.

It is not unusual for HPE to provide workarounds for SiteScope's vulnerabilities instead of patches, but this seriously threatens the cybersecurity of its users.

Would you like to comment on this article?

Share

Latest news

23.08.2017

Industrial cobots can be hacked

IOActive`s cybersecurity specialists have discovered how a remote hacker can hack industrial collaborative robots.

23.08.2017

2 infected apps are available for download via the Google Play Store

Cybersecurity experts have discovered two malware-infected apps on the official Google Play Store that are still available for download.

23.08.2017

Cybersecurity company warns of new cyber-attacks against Ukraine

Ukraine could be a target of a NotPetya-style attack aimed at destabilizing the country just as it celebrates its 1991 independence from the Soviet Union.

Sign up for our online newsletter!