Vigil@nce - OSSEC: SSH access on agents
October 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can read passwords of the Agentless Monitoring of
OSSEC, in order to login with SSH on monitored servers.
Impacted products: OSSEC
Severity: 2/4
Creation date: 16/09/2014
DESCRIPTION OF THE VULNERABILITY
The OSSEC product has an Agentless Monitoring mode to monitor
hosts without an agent.
The SSH access to these servers is configured with:
/var/ossec/agentless/register_host.sh add uti@server password
The password is stored in the /var/ossec/agentless/.passlist file.
However, this file can be read by all local users.
An attacker can therefore read passwords of the Agentless
Monitoring of OSSEC, in order to login with SSH on monitored
servers.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OSSEC-SSH-access-on-agents-15360