CVE-2020-5248

HIGH LAB

GLPI < 9.4.6 - Hard-coded Credentials

Title source: rule

Description

GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data must be re-encrypted with the new key. The problem is that we cannot know which columns or rows in the database are using it, especially from plugins. Changing the key without updating the data would result in bad passwords being sent from GLPI, but storing them again from the UI will work.

Exploits (3)

nomisec WORKING POC 6 stars
by venomnis · poc
https://github.com/venomnis/CVE-2020-5248
nomisec WORKING POC
by Mkway · poc
https://github.com/Mkway/CVE-2020-5248
inthewild WORKING POC
poc
https://github.com/indevi0us/cve-2020-5248

Scores

CVSS v3 7.2
EPSS 0.0284
EPSS Percentile 86.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Lab Environment

COMMUNITY
Community Lab
docker pull mysql:5.7.21
docker pull nginx:1.13.8-alpine

Details

CWE
CWE-798
Status published
Products (1)
glpi-project/glpi < 9.4.6
Published May 12, 2020
Tracked Since Feb 18, 2026