Serious vulnerabilities in HPE SiteScope found

19.06.2017

hpe-sitescope-vulnerabilities

 

Several potentially serious vulnerabilities in HPE SiteScope were identified. There are no patches yet, so to prevent hacker attacks, users need to apply workarounds.

HPE SiteScope is a performance and availability monitoring software for distributed IT infrastructures, including servers, network services, applications, and operating systems.

The cybersecurity specialist Richard Kelley has discovered several vulnerabilities in product version 11.31.461.

Kelley has noticed that the company has not yet released patches for a critical remote code execution vulnerability disclosed in 2012 and for which a Metasploit is available.

HPE recommends that users prevent attacks by setting a specific flag in the “groups/master.config” file to disable old APIs.

“I wonder how many admins know about this setting, and why wouldn’t HPE just remove the old APIs from new versions if they are no longer needed?” Kelley said.

The expert has also discovered that the credentials stored in the configuration files are encrypted, but the encryption key is hardcoded and allows the hacker to get the password needed to log into the SiteScope interface with administrator privileges.

Once the hacker has access to the administration interface, he can get the credentials for the Linux and Windows servers that are monitored via SiteScope. The admin interface shows the passwords only as dots, but the actual password is transmitted in clear text over an insecure connection to the client, allowing man-in-the-middle attack to be used to steal the information easily.

HPE said it plans to solve the problem of insecure transmission of credentials in the third quarter of the year. The company also pointed out that the encryption-related problems are covered in chapter 20 of the SiteScope deployment guide.

It is not unusual for HPE to provide workarounds for SiteScope's vulnerabilities instead of patches, but this seriously threatens the cybersecurity of its users.

Would you like to comment on this article?

Share

Latest news

20.10.2017

University expelled student for using hardware keylogger

Kansas University has expelled a student for installing a hardware keylogger.

20.10.2017

Fancy Bear hacker group exploits recently patched Flash vulnerability

Russia-linked cyber espionage group has been using a recently patched Adobe Flash Player vulnerability in attacks aimed at government organizations and aerospace companies.

20.10.2017

Sockbot enslave Android devices into botnet

A newly discovered Android malware that can add the compromised devices to a botnet that could launch DDoS attacks.

Sign up for our online newsletter!