CVE-2020-8657
EyesOfNetwork Use of Hard-Coded Credentials Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
YesDecision
Descriptions
An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.
Se detectó un problema en EyesOfNetwork versión 5.3. La instalación utiliza la misma clave de la API (embebida como EONAPI_KEY en el archivo include/api_functions.php para la API versión 2.4.2) por defecto para todas las instalaciones, lo que permite a un atacante calcular y adivinar el token de acceso de administrador.
EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-06 CVE Reserved
- 2020-02-06 CVE Published
- 2020-03-05 First Exploit
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-06-01 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://github.com/EyesOfNetworkCommunity/eonapi/issues/17 | Third Party Advisory | |
| https://github.com/h4knet/eonrce |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/48169 | 2020-03-05 | |
| http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Eyesofnetwork Search vendor "Eyesofnetwork" | Eyesofnetwork Search vendor "Eyesofnetwork" for product "Eyesofnetwork" | 5.3-0 Search vendor "Eyesofnetwork" for product "Eyesofnetwork" and version "5.3-0" | - |
Affected
| ||||||