OpenBMCS Information Disclosure Vulnerability

Vulnerability

A directory listing vulnerability in OpenBMCS version 2.4 allows unauthenticated attackers to access sensitive files, including configuration files, database credentials, and system information. This vulnerability arises from the application's directory listing functionality, which can be exploited to browse directories such as '/debug/' and '/php/'.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including system details and database credentials, which could be leveraged to gain full access to the Building Management System.

Reproduction

The vulnerability can be reproduced by accessing the '/debug/' or '/php/' directories of an OpenBMCS 2.4 installation. The directory listing feature allows for browsing these directories, where sensitive files can be discovered and accessed.
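A defender-side check for the exposure described above, added here as an example and not part of the original advisory: it scans web server access logs for successful requests under '/debug/' and '/php/' and groups them by client. The Common/Combined Log Format is an assumption (the advisory does not name the server or its log format), and the sample log lines, addresses and file name are constructed.

```python
import re
from collections import defaultdict

# Directories named in the advisory; anything below them is treated as sensitive.
WATCHED_PREFIXES = ("/debug/", "/php/")

# Assumed format: host ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def classify(path):
    """Return 'listing' for a watched directory URL, 'file' for a file below it, else None."""
    bare = path.split("?", 1)[0].lower()  # drop query string, ignore case
    if not bare.startswith(WATCHED_PREFIXES):
        return None
    return "listing" if bare.endswith("/") else "file"

def find_exposure(lines):
    """Group successful (HTTP 200) requests to watched paths by client address."""
    hits = defaultdict(lambda: {"listing": [], "file": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        kind = classify(m["path"])
        # A 200 means content was served; 403/404 means the path is already blocked.
        if kind and m["status"] == "200":
            hits[m["host"]][kind].append(m["path"])
    return dict(hits)

# Constructed sample log lines (documentation addresses, hypothetical file name).
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Dec/2025:21:40:01 +0000] "GET /debug/ HTTP/1.1" 200 1532',
    '198.51.100.7 - - [09/Dec/2025:21:40:05 +0000] "GET /debug/example.log HTTP/1.1" 200 8841',
    '198.51.100.7 - - [09/Dec/2025:21:40:09 +0000] "GET /php/ HTTP/1.1" 200 2210',
    '203.0.113.20 - - [09/Dec/2025:21:41:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Dec/2025:21:42:00 +0000] "GET /php/ HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for host, found in find_exposure(SAMPLE_LOG).items():
        print(host, "listings:", found["listing"], "files:", found["file"])
```

A client that appears with a 'listing' hit followed by 'file' hits has browsed the directory and retrieved content from it, so any credentials stored in those files should be treated as disclosed.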

Added: Dec 9, 2025, 9:54 PM
Updated: Dec 9, 2025, 9:54 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.