
ManageEngine OpManager getUserAPIKey Authentication Bypass (CVE-2022-36923)



Application Details

ManageEngine OpManager is a comprehensive network monitoring software that provides network administrators with an integrated console for managing routers, firewalls, servers, switches, and printers.


Vulnerability

The lack of a proper request-handling mechanism allowed unauthenticated access to the user API key. Anyone could retrieve the API key of a valid user without authenticating and then use it to access the external APIs.


Identification

By sending a specially crafted request, an attacker could exploit this vulnerability to obtain a user's API key and then access the external APIs.

POST /RestAPI/getAPIKey
PAYLOAD - operation=getUserAPIKey&username=admin&domainname=-&HANDSHAKE_KEY=ppppppppppppppppppppppppppppppppppppppppppppppppp

Detection

By turning this into a traffic file and matching rule, we are able to detect attempts by unauthenticated attackers to obtain a user's API key and gain unauthorised access to the application.
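As an added illustration of that matching logic (this is not Idappcom's signature or traffic file), the Python below inspects raw HTTP requests for the request pattern shown above and reports which account was targeted. The sample requests and the host name in them are constructed.

```python
from urllib.parse import parse_qs

# Constructed sample traffic (not captured from a real system): the first
# request matches the CVE-2022-36923 pattern, the other two are benign.
SAMPLE_REQUESTS = [
    "POST /RestAPI/getAPIKey HTTP/1.1\r\nHost: opmanager.example.internal\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "operation=getUserAPIKey&username=admin&domainname=-&HANDSHAKE_KEY=pppppppp",
    "POST /RestAPI/getAPIKey HTTP/1.1\r\nHost: opmanager.example.internal\r\n\r\n"
    "operation=listSomething&username=bob",
    "GET /apiclient/ember/index.jsp HTTP/1.1\r\nHost: opmanager.example.internal\r\n\r\n",
]


def parse_http_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    method = parts[0]
    path = parts[1] if len(parts) > 1 else ""
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def detect_get_user_api_key(raw):
    """Return a finding if the request asks getAPIKey for a user's API key, else None."""
    method, path, headers, body = parse_http_request(raw)
    route, _, query = path.partition("?")
    if method.upper() != "POST" or route.lower() != "/restapi/getapikey":
        return None
    # Parameters may arrive in the body or the query string; check both.
    params = parse_qs(query, keep_blank_values=True)
    params.update(parse_qs(body, keep_blank_values=True))
    if params.get("operation", [""])[0].lower() != "getuserapikey":
        return None
    return {
        "rule": "opmanager-getUserAPIKey-auth-bypass",   # hypothetical rule name
        "host": headers.get("host", ""),
        "username": params.get("username", [""])[0],
        "domainname": params.get("domainname", [""])[0],
        "handshake_key_len": len(params.get("HANDSHAKE_KEY", [""])[0]),
    }


def scan(requests):
    """Run the detector over a list of raw requests and keep only the hits."""
    return [hit for hit in map(detect_get_user_api_key, requests) if hit]
```

Any hit is worth an alert regardless of the response, because the request itself carries no session credential and should not reach this endpoint from an unauthenticated source.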


Coverage

Idappcom has created signature 8023052 along with a traffic file for this vulnerability.


References


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional
