Information leak in ZENworks Asset Management disclosed
The Metasploit developers have discovered an information leak vulnerability in Novell ZENworks Asset Management 7.5 that allows a remote attacker to read files with system-level privileges and extract all information stored by the application. Juan Vazquez from Rapid7 explains that the web console of ZENworks Asset Management provides two maintenance calls that can be used with hard-coded credentials.
One of the calls allows remote attackers to gain access to the filesystem, while the other call gives details of the software's backend database credentials in clear text. Vazquez discovered the vulnerability in August and immediately wrote a Metasploit module to exploit it. He then disclosed it to Novell and US CERT, and has now published the exploit and corresponding Metasploit module.
The vulnerability currently remains unpatched and US CERT recommends that users implement firewall rules that will restrict access to the web interface by unauthorised users.