Western Digital ShareSpace WEB GUI Information Disclosure

medium Nessus Plugin ID 60018

Synopsis

The remote web server contains an application that is affected by an information disclosure vulnerability.

Description

The web server for the Western Digital ShareSpace device identified is affected by an information disclosure vulnerability due to an improper configuration of access rights for the configuration file 'config.xml'. An attacker can directly access the 'config.xml' file without authentication and view sensitive information including network settings, SMB users and hashed passwords, and administrator credentials.

Solution

No vendor-supplied patch is available at this time. As a recommendation, access to the administrative interface should be allowed only from trusted networks.

See Also

http://www.nessus.org/u?5d40bae6

Plugin Details

Severity: Medium

ID: 60018

File Name: wd_sharespace_info_disclosure.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 7/18/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: www/sharespace

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/18/2012

Vulnerability Publication Date: 6/18/2012

Reference Information

BID: 54068