# Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure  
# Date: 2020-01-27  
# Exploit Author: Fabien AUNAY, Omri Baso  
# Vendor Homepage: https://www.centreon.com/  
# Software Link: https://github.com/centreon/centreon  
# Version: 19.10.5  
# Tested on: CentOS 7  
# CVE : -  
  
###########################################################################################################  
Centreon 19.10.5 Database Credentials Disclosure  
  
Trusted by SMBs and Fortune 500 companies worldwide.  
An industry reference in IT Infrastructure monitoring for the enterprise.  
Counts 200,000+ ITOM users worldwide and an international community of software collaborators.  
Presence in Toronto and Luxembourg.  
Deployed in diverse sectors:  
- IT & telecommunication  
- Transportation  
- Government  
- Health care  
- Retail  
- Utilities  
- Finance & Insurance  
- Aerospace & Defense  
- Manufacturing  
- etc.  
  
###########################################################################################################  
  
POC:  
  
- Configuration / Pollers / Broker configuration  
-- Central-broker | Central-broker-master  
--- Output  
  
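The password is sent to the browser unencrypted: the form displays it masked, but the browser's inspector shows it in clear text in the value attribute of the password input.  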
  
  
DB user centreon  
DB password ********  
<input size="120" name="output[0][db_password]" type="password" value="ZVy892xx">
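A check for this class of disclosure in rendered pages, as an added example that is not part of the original advisory or of Centreon's code: it parses HTML and reports every password input that ships with a real value, without echoing the secret. The function and class names, the set of characters treated as masking placeholders, and the sample page (built around the input quoted above) are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumption: values made only of these characters are masking placeholders, not secrets.
MASK_CHARS = set("*\u2022\u25cf")


class PrefilledPasswordFinder(HTMLParser):
    """Collects <input type="password"> elements whose value attribute holds real data."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Self-closing <input .../> tags are routed here by the base class as well.
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}  # html.parser lowercases attribute names
        if a.get("type", "").strip().lower() != "password":
            return
        value = a.get("value", "")
        if not value or set(value) <= MASK_CHARS:
            return  # empty or placeholder-only: nothing disclosed
        line, _col = self.getpos()
        # Report field name and length only, never the secret itself.
        self.findings.append({"name": a.get("name", ""), "length": len(value), "line": line})


def find_prefilled_passwords(html):
    """Return one finding per password input that carries a non-placeholder value."""
    finder = PrefilledPasswordFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page; the first input is the one quoted in the advisory.
SAMPLE = """<form>
<input size="120" name="output[0][db_password]" type="password" value="ZVy892xx">
<input name="masked" TYPE="Password" value="********"/>
<input name="empty" type="password">
<input name="db_user" type="text" value="centreon">
</form>"""

if __name__ == "__main__":
    for f in find_prefilled_passwords(SAMPLE):
        print(f"line {f['line']}: password input {f['name']!r} ships a {f['length']}-char value")
```

Run against saved copies of authenticated configuration pages, a non-empty result means the server is returning a stored secret to the browser instead of a placeholder.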