Regarding Possible internal IP address disclosure

Discuss new project and feature ideas here.
See labs.nagios.com for new projects under development.

Regarding Possible internal IP address disclosure

Postby rajatbel » Tue May 14, 2019 11:40 am

A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing scheme of the internal network. This information can be used to conduct further attacks
During GET /Nagios/cgi-bin/status.json?details=true HTTP/1.1
communication between client and CGI is not encrypted.
rajatbel
 
Posts: 2
Joined: Tue May 14, 2019 5:31 am

Re: Regarding Possible internal IP address disclosure

Postby scottwilkerson » Tue May 14, 2019 11:44 am

Is there a question here?

I'm not sure what is producing this status.json you are referring to as that is not part of the nagios package.

Additionally, by default everything in the nagios directory should be blocked by basic authentication
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 14458
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises


Return to Nagios Ideas

Who is online

Users browsing this forum: No registered users and 0 guests