vendor:
Big Brother Network Monitor
by:
SecurityFocus
8.3
CVSS
HIGH
Remote Account Guessing
N/A
CWE
Product Name: Big Brother Network Monitor
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2001
Big Brother Network Monitor Remote Account Guessing
Big Brother Network Monitor is a robust, feature rich network monitoring package produced by BB4 Technologies. A problem exists that can allow remote account guessing. The problem occurs in the Common Gateway Interface package included with Big Brother, which runs on the Big Brother Display Server. The CGI is responsible for statistical posting of network operations on the Big Brother Display Server, an interface which is accessible via Web Browser. Due to insufficient handling of input, it is possible to verify the existance of sensitive files and valid user accounts through the the CGI of the Display Server. Yielding this information to a malicious user could result in a targeted brute force password cracking attack.
Mitigation:
Upgrade to the latest version of Big Brother Network Monitor.
