Eyes of Network API Insufficient Credential Protection (CVE-2020-8657)
Discription
A vulnerability exists in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.Read More
References
https://github.com/EyesOfNetworkCommunity/eonapi/issues/17http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8657Back to Main