Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. In vulnerable versions of the software, this HTTP server is enabled by default and requires no authentication.
The HTTP feature allows remote users to view the network monitoring logs. These logs can contain internal IP addresses and other information about your network (depending on what monitoring you have set up).
Credit:
The information has been provided by Rapid 7 Security Advisories.
Vulnerable systems:
* Alchemy Eye and Alchemy Network Monitor v1.9x through v2.6.18
Immune systems:
* Alchemy Eye v2.6.19 and greater (web access disabled by default)
* Alchemy Eye v1.7 (has no web access feature)
* Alchemy Eye v1.8 (has no web access feature)
Solution:
If you are using any of the vulnerable versions, we suggest the following:
(a) Disable HTTP access completely via Preferences. You must restart the product for this to take effect.
Or,
(b) Require HTTP authentication via Preferences. You must restart the product for this to take effect. This is only possible with versions 2.6.x and later (earlier versions have no authentication option).
(c) Lock down the ACLs of the directory where you installed the product. The username and password for HTTP authentication are stored in clear text in the file eye.ini.
Detailed analysis:
Vulnerable versions install by default with web access enabled. This allows remote users to view the logs. The product stores all its settings in a file called eye.ini.
If you choose to enable HTTP and require authentication, the eye.ini file will contain the following section:
[Web settings]
Port to listen=80
Allow web access=1
Login=webuser
Password=webpass
Where "webuser" is the username and "webpass" is the clear text password.
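To check an installation for the conditions described above, the [Web settings] section of eye.ini can be audited with a short script. This is an added example, not part of the original advisory or the vendor's code; the function name audit_eye_ini and the sample data are constructed, and it assumes that any "Allow web access" value other than 1 means the server is off and that a missing or empty Login/Password means no authentication is required.

```python
import configparser

# Constructed sample in the layout the advisory shows (not a real config).
SAMPLE_INI = """[Web settings]
Port to listen=80
Allow web access=1
Login=webuser
Password=webpass
"""

CLEARTEXT = "HTTP credentials stored in clear text: restrict ACLs on the install directory"
NO_AUTH = "no HTTP authentication configured: logs readable by any remote user"


def audit_eye_ini(text):
    """Return a list of findings for the [Web settings] section of eye.ini."""
    # interpolation=None so a '%' inside a password is read literally.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if not cp.has_section("Web settings"):
        return ["no [Web settings] section found: verify the setting in Preferences"]
    web = cp["Web settings"]  # option names are matched case-insensitively

    # Assumption: any value other than "1" means the HTTP server is off.
    if web.get("Allow web access", "").strip() != "1":
        return ["web access disabled"]

    port = web.get("Port to listen", "unknown").strip()
    findings = [f"web access enabled on port {port}"]

    # Assumption: a missing or empty Login/Password means no authentication.
    login = web.get("Login", "").strip()
    password = web.get("Password", "").strip()
    findings.append(CLEARTEXT if login and password else NO_AUTH)
    return findings


if __name__ == "__main__":
    for finding in audit_eye_ini(SAMPLE_INI):
        print(finding)
```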