MICI NetFax Server Default Credential Disclosure Vulnerability
Vulnerability
A vulnerability exists in MICI NetFax Server versions prior to 3.0.1.0: an unauthenticated HTTP GET request to the /client.php endpoint returns the default administrator credentials in cleartext. The disclosure results from the application exposing sensitive information in its responses to the client; the credentials originate in a default configuration file whose contents are included in the response.
Impact
Exploitation of this vulnerability leads to unauthorized access as an administrator, potentially allowing for further actions within the application or system.
Reproduction
The vulnerability can be reproduced by sending an unauthenticated HTTP GET request to the /client.php endpoint. The response will include the default System Administrator credentials in cleartext, sourced from an automatically configured setup file.
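A defender who cannot patch immediately will want to know whether the endpoint has been queried. The following is an added example, not part of the advisory and not MICI code: it scans web-server access logs in the common combined format for successful GET requests to /client.php that did not originate from a trusted internal range. The log lines are constructed for the example, the trusted network list and the log format are assumptions, and the request path is the only detail taken from the advisory.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample access-log lines in combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /client.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /client.php HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /client.php?x=1 HTTP/1.1" 200 512 "-" "python-requests/2.31"
"""

# Combined log format regex (assumed layout: ip ident user [ts] "req" status size "ref" "ua").
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumed trusted ranges; adjust to the environment being monitored.
TRUSTED_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

# The endpoint named in the advisory.
SENSITIVE_PATH = "/client.php"


def parse_line(line):
    """Parse one combined-format log line into a dict, or return None if malformed."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_trusted(ip_text):
    """True when the client address falls inside one of the trusted ranges."""
    try:
        addr = ip_address(ip_text)
    except ValueError:
        return False  # unparsable address is treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)


def find_client_php_hits(log_text):
    """Return (ip, timestamp, user_agent) for every successful GET of /client.php
    from an address outside the trusted ranges. Query strings are ignored so
    /client.php?x=1 still matches."""
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "GET" and path == SENSITIVE_PATH and rec["status"] == "200":
            if not is_trusted(rec["ip"]):
                hits.append((rec["ip"], rec["ts"], rec["ua"]))
    return hits


def summarize(log_text):
    """Count flagged requests per source address to prioritise follow-up."""
    counts = {}
    for ip, _ts, _ua in find_client_php_hits(log_text):
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for ip, ts, ua in find_client_php_hits(SAMPLE_LOG):
        print(f"flagged: {ip} at {ts} ({ua})")
    print("per-source counts:", summarize(SAMPLE_LOG))
```

Any flagged request before the upgrade to 3.0.1.0 should be treated as a probable credential exposure, which is a reason to rotate the administrator password rather than only to patch.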
Remediation
Users are advised to change the default administrator password upon initial access and to ensure that user credentials are never sent to the client in cleartext.
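The two remediation points above correspond to two checks an application can enforce in code. The following is an added example, not MICI's code and not a description of how NetFax Server is implemented: a client-facing view of the setup data is built from an allowlist of fields rather than by serialising the whole configuration, and a startup check refuses to run while the administrator password still equals its default. The setup-file contents, field names and default value are all constructed for the example.

```python
import json

# Constructed stand-in for a setup file's contents (field names are assumptions).
SETUP_FILE = {
    "server_name": "netfax-01",
    "fax_line": "+1-555-0100",
    "admin_user": "admin",
    "admin_password": "changeme",
}

# Constructed placeholder for a shipped default; the real default is not on the page.
DEFAULT_ADMIN_PASSWORD = "changeme"

# Allowlist: only these keys may ever reach the client. Anything added to the
# setup file later stays private unless it is deliberately listed here.
CLIENT_SAFE_FIELDS = ("server_name", "fax_line")

# Key fragments that should never appear in any client-bound payload.
SECRET_MARKERS = ("password", "passwd", "secret", "token", "key")


def client_view(config):
    """Return the subset of the configuration the client is allowed to see."""
    return {k: config[k] for k in CLIENT_SAFE_FIELDS if k in config}


def leaks_secret(payload):
    """Recursively scan a payload for keys that look like credentials.
    Used as a last-line check before a response is serialised."""
    if isinstance(payload, dict):
        for k, v in payload.items():
            if any(marker in str(k).lower() for marker in SECRET_MARKERS):
                return True
            if leaks_secret(v):
                return True
    elif isinstance(payload, list):
        return any(leaks_secret(item) for item in payload)
    return False


def default_password_in_use(config):
    """True when the administrator password has not been changed from the default."""
    return config.get("admin_password") == DEFAULT_ADMIN_PASSWORD


def render_client_response(config):
    """Build the JSON the client endpoint would return. Raises rather than
    ship a payload that still carries a credential-looking key."""
    view = client_view(config)
    if leaks_secret(view):
        raise RuntimeError("refusing to send credential material to the client")
    return json.dumps(view)


if __name__ == "__main__":
    if default_password_in_use(SETUP_FILE):
        print("warning: administrator password is still the default; change it")
    print(render_client_response(SETUP_FILE))
```

The allowlist is the important design choice: a denylist that strips known secret keys would have had to anticipate every credential the setup file might later gain, whereas the allowlist fails closed. The `leaks_secret` scan is a safety net for mistakes in the allowlist, not a substitute for it.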
