By kannthu
The "OpenBMCS 2.4 Secrets Disclosure" module is designed to detect a misconfiguration vulnerability in the OpenBMCS software version 2.4. This vulnerability allows an attacker to gain access to sensitive files and potentially exploit the disclosed information to gain full BMS (Building Management System) access. The severity of this vulnerability is classified as high.
This module was authored by dhiyaneshDK.
If successfully exploited, the "OpenBMCS 2.4 Secrets Disclosure" vulnerability can lead to unauthorized access to sensitive files and potentially compromise the entire BMS. This can result in unauthorized control over building operations, potentially causing disruptions, privacy breaches, and other security risks.
The "OpenBMCS 2.4 Secrets Disclosure" module works by sending an HTTP GET request to the "/debug/" path of the target OpenBMCS system. It then applies matching conditions to determine if the vulnerability is present.
One matching condition checks whether the response body contains the words "change_password_sqls" and "Index of /debug". Additionally, the module checks if the HTTP response status is 200.
If all matching conditions are met, the module reports the vulnerability, indicating that the target OpenBMCS system is misconfigured and susceptible to secrets disclosure.
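The matching logic described above can be replayed offline to confirm that a hardened deployment no longer satisfies it. This is an added example, not the module's own code: the names `evaluate`, `Finding` and `run_samples` are hypothetical, and the sample responses are constructed rather than captured from a real system.

```python
from dataclasses import dataclass

# Matching conditions as described on this page.
REQUIRED_WORDS = ("change_password_sqls", "Index of /debug")
REQUIRED_STATUS = 200


@dataclass
class Finding:
    vulnerable: bool
    reasons: list  # conditions that were not met; empty when vulnerable


def evaluate(status: int, body: str) -> Finding:
    """Apply every condition; all must hold for the check to report."""
    reasons = []
    if status != REQUIRED_STATUS:
        reasons.append(f"status {status} != {REQUIRED_STATUS}")
    for word in REQUIRED_WORDS:
        if word not in body:
            reasons.append(f"body lacks {word!r}")
    return Finding(vulnerable=not reasons, reasons=reasons)


# Constructed responses for GET /debug/ (not taken from a real system).
SAMPLES = {
    "listing exposed": (200, "<title>Index of /debug</title>\n"
                             '<a href="change_password_sqls">change_password_sqls</a>'),
    "access denied": (403, "<h1>Forbidden</h1>"),
    "soft 404": (200, "<h1>Page not found</h1>"),
    "other listing": (200, "<title>Index of /debug</title>"
                           '<a href="trace.log">trace.log</a>'),
}


def run_samples() -> dict:
    """Evaluate each constructed response and return the findings by name."""
    return {name: evaluate(status, body) for name, (status, body) in SAMPLES.items()}


if __name__ == "__main__":
    for name, finding in run_samples().items():
        print(f"{name:16} vulnerable={finding.vulnerable} {finding.reasons}")
```

The "soft 404" and "other listing" cases show why the status code alone is not enough: a 200 response only counts when both words appear in the body.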
For more information, you can refer to the exploit-db.com reference.