Serious vulnerabilities in HPE SiteScope found

19.06.2017

hpe-sitescope-vulnerabilities

 

Several potentially serious vulnerabilities in HPE SiteScope were identified. There are no patches yet, so to prevent hacker attacks, users need to apply workarounds.

HPE SiteScope is a performance and availability monitoring software for distributed IT infrastructures, including servers, network services, applications, and operating systems.

The cybersecurity specialist Richard Kelley has discovered several vulnerabilities in product version 11.31.461.

Kelley has noticed that the company has not yet released patches for a critical remote code execution vulnerability disclosed in 2012 and for which a Metasploit is available.

HPE recommends that users prevent attacks by setting a specific flag in the “groups/master.config” file to disable old APIs.

“I wonder how many admins know about this setting, and why wouldn’t HPE just remove the old APIs from new versions if they are no longer needed?” Kelley said.

The expert has also discovered that the credentials stored in the configuration files are encrypted, but the encryption key is hardcoded and allows the hacker to get the password needed to log into the SiteScope interface with administrator privileges.

Once the hacker has access to the administration interface, he can get the credentials for the Linux and Windows servers that are monitored via SiteScope. The admin interface shows the passwords only as dots, but the actual password is transmitted in clear text over an insecure connection to the client, allowing man-in-the-middle attack to be used to steal the information easily.

HPE said it plans to solve the problem of insecure transmission of credentials in the third quarter of the year. The company also pointed out that the encryption-related problems are covered in chapter 20 of the SiteScope deployment guide.

It is not unusual for HPE to provide workarounds for SiteScope's vulnerabilities instead of patches, but this seriously threatens the cybersecurity of its users.

Would you like to comment on this article?

Share

Latest news

15.12.2017

Hacker removed malware from Netgear site, the company failed to do so for 2 years

An anonymous hacker has removed malware from a Netgear site after the company failed to clean up a malware infection for more than two years.

15.12.2017

Hacker robbed church in Northern Ireland

The hacker told the priest that the church computer should be remotely accessible to fix an internet problem.

15.12.2017

Synaptics to remove keylogger from its drivers

The company has decided to remove the keylogger functionality from its products.

Sign up for our online newsletter!