An issue exists in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an malicious user to calculate/guess the admin access token.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eyesofnetwork eyesofnetwork 5.3-0 |