1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. EyesOfNetwork Use of Hard-Coded Credentials Vulnerability

Known Exploited Vulnerabilities CVE-2020-8657

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2020-8657 EyesOfNetwork Use of Hard-Coded Credentials Vulnerability exploitation_technique T1106 Native API
Comments
CVE-2020-8657 identifies a security issue in EyesOfNetwork 5.3 that exposes a vulnerability in the API key implementation.
References
  1. https://www.clouddefense.ai/cve/2020/CVE-2020-8657