@berkgoksel
Last active April 22, 2018 16:32
The Ericsson-LG iPECS NMS A.1Ac web application discloses cleartext credentials

Suggested description

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.


Vulnerability Type

Credential disclosure


Vendor of Product

Ericsson-LG


Affected Product Code Base

iPECS NMS - A.1Ac


Attack Type

Remote


Reference

https://www.youtube.com/watch?v=ah3MLcAURlc

https://www.ipecs.com/site/lgericsson/menu/158.do?scene=detail&productNo=45


Discoverer

Berk Cem Goksel

CVE-2018-10286
