Jenkins HP Application Automation Tools Plugin Password Encryption Security Weakness

medium Nessus Plugin ID 73302

Synopsis

The remote host is vulnerable to a password disclosure vulnerability.

Description

The remote host is using the Jenkins HP Application Automation tools plugin. Nessus was able to remotely access one or more unprotected file(s) in the Jenkins build system and decrypt the HP Application Lifecycle Management password. These passwords are currently encrypted with a known, hard-coded key.

Solution

There are no known patches for this issue. As a workaround, restrict access to affected systems.

See Also

http://www.nessus.org/u?6db2b6e6

Plugin Details

Severity: Medium

ID: 73302

File Name: jenkins_hp_alm_password_disclosure.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 4/2/2014

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Vulnerability Information

CPE: cpe:/a:cloudbees:jenkins

Required KB Items: www/Jenkins

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 4/8/2013

Reference Information

BID: 64621