Regarding Possible internal IP address disclosure

rajatbel
Posts: 2
Joined: Tue May 14, 2019 5:31 am

Regarding Possible internal IP address disclosure

Post by rajatbel »

A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing scheme of the internal network. This information can be used to conduct further attacks.
During GET /Nagios/cgi-bin/status.json?details=true HTTP/1.1, communication between client and CGI is not encrypted.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Regarding Possible internal IP address disclosure

Post by scottwilkerson »

Is there a question here?

I'm not sure what is producing this status.json you are referring to, as that is not part of the Nagios package.

Additionally, by default everything in the nagios directory should be blocked by basic authentication.
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
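
For administrators who want to check a recorded response for the conditions raised in this thread (internal IPv4 addresses in the body, unencrypted transport, no authentication challenge), here is an added example that is not part of the original posts or of Nagios. The host name, the sample body and the function names are constructed, and the recorded request is assumed to have been sent without credentials.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Candidate dotted quads; ipaddress validates the octets afterwards.
_IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def internal_ips(body):
    """Return the sorted, de-duplicated RFC 1918 addresses found in body."""
    found = set()
    for candidate in _IPV4.findall(body):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:  # e.g. 999.1.1.1, not a real address
            continue
        if any(addr in net for net in _RFC1918):
            found.add(addr)
    return [str(a) for a in sorted(found)]


def audit(url, status, body):
    """Audit one response to a request sent WITHOUT credentials (assumption)."""
    return {
        "encrypted": urlsplit(url).scheme == "https",
        # Basic authentication answers an anonymous request with 401.
        "auth_challenge": status == 401,
        "internal_ips": internal_ips(body),
    }


# Constructed sample: path taken from the thread, host and body invented.
SAMPLE_URL = "http://monitor.example/Nagios/cgi-bin/status.json?details=true"
SAMPLE_BODY = """{"version": "4.4.3.1", "hosts": [
  {"name": "db01",  "address": "192.168.10.25"},
  {"name": "app01", "address": "10.0.3.7"},
  {"name": "app02", "address": "10.0.3.7"},
  {"name": "edge",  "address": "203.0.113.9"}]}"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE_URL, 200, SAMPLE_BODY).items():
        print(f"{key}: {value}")
```

A clean result for an anonymous request is `encrypted` true, `auth_challenge` true and an empty `internal_ips` list.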