Xorux LPAR2RRD
cpe:2.3:a:xorux:lpar2rrd:*:*:*:*:*:*:*
- <= 8.04
A vulnerability exists in Xorux LPAR2RRD versions through 8.04 on Rocky Linux 8.10, where an API endpoint intended for web application administrators is accessible to lower-level, read-only users. This endpoint can be exploited to download logs from the appliance configuration, which contain sensitive information such as password hashes for all users within the Xormon Original web application. An authenticated, read-only user could use this vulnerability to obtain and potentially crack these password hashes, targeting more privileged users including the admin.
Exploitation of this vulnerability allows read-only users to access sensitive logs containing password hashes for all users in the Xormon Original web application, including those with administrative privileges. This could lead to unauthorized access to admin accounts by cracking the hashed passwords.
To reproduce this vulnerability, a read-only user must authenticate and then call the vulnerable API endpoint that downloads logs. The logs are returned as a tar.gz archive, which can be extracted to reveal information that should not be accessible to read-only users, such as password hashes for all users within the Xormon Original web application.
Users are advised to upgrade to Xorux LPAR2RRD version 8.05, which addresses this vulnerability.