QiHang Media Web Digital Signage 3.0.9 - Cleartext Credentials Disclosure

What is the "QiHang Media Web Digital Signage 3.0.9 - Cleartext Credentials Disclosure?"

The "QiHang Media Web Digital Signage 3.0.9 - Cleartext Credentials Disclosure" module is designed to detect a vulnerability in the QiHang Media Web Digital Signage software version 3.0.9. This vulnerability allows for the disclosure of cleartext credentials, posing a high risk to the security of the system.

Impact

If exploited, this vulnerability could lead to unauthorized access to sensitive information, such as usernames and passwords, stored in the QiHang Media Web Digital Signage software. Attackers could potentially use these credentials to gain unauthorized access to the system or other connected resources.

How the module works?

The module works by sending an HTTP GET request to the "/xml/User/User.xml" path of the target system. It then analyzes the response body for specific patterns that indicate the presence of cleartext credentials. The matching conditions include the presence of "", "account=", and "password=" in the response body.

By detecting these patterns, the module can identify instances where the QiHang Media Web Digital Signage software is vulnerable to cleartext credentials disclosure. This information can then be used to take appropriate actions to secure the system and prevent unauthorized access.