An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2020-8657 | EyesOfNetwork Use of Hard-Coded Credentials Vulnerability | exploitation_technique | T1106 | Native API |
Comments
CVE-2020-8657 identifies a security issue in EyesOfNetwork 5.3 that exposes a vulnerability in the API key implementation.
References
|