This host is running VDG Security Sense and is prone to multiple vulnerabilities.

Successful exploitation will allow attacker to read arbitrary files, bypass authentication mechanisms and cause a stack-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. Impact Level: System/Application

No solution or patch is available as of 9th February, 2015. Information regarding this issue will updated once the solution details are available. For updates refer to https://vdgsecurity.com

Multiple flaws are due to, - An input is not properly sanitized when handling HTTP authorization headers. - The program transmitting configuration information in cleartext. - The 'root' account has a password of 'ArpaRomaWi', the 'postgres' account has a password of '!DVService', and the 'NTP' account has a password of '!DVService', these accounts are publicly known and documented. - The program returning the contents of the users.ini file in authentication responses. - The user-supplied input is not properly validated when passed via the username or password in AuthenticateUser requests. - The program not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') in a URI.

VDG Security SENSE (formerly DIVA) 2.3.13

Send a crafted data via HTTP GET request and check whether it is possible to read a local file

• http://packetstormsecurity.com/files/129656
• http://seclists.org/fulldisclosure/2014/Dec/76
• http://www.osvdb.org/116188
• http://www.osvdb.org/116189
• http://www.osvdb.org/116190
• http://www.osvdb.org/116191
• http://www.osvdb.org/116193

---

Updated on 2015-03-25