4. Researcher finds a privilege escalation vulnerability in the monitoring tool MONyog
Title: Researcher found a severe flaw in the MONyog monitoring tool
Author information: December 29, 2016 By Pierluigi Paganini
//BEGIN
A security expert discovered a vulnerability in the MONyog tool that could be exploited by a normal user to elevate his privilege access.
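MONyog bills itself as the most secure monitoring tool for MySQL databases. Recently, however, a security expert found that it contains a severe security vulnerability. A normal user can exploit the vulnerability to escalate privileges to system administrator level, and the steps are not complicated.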
//END
I reached the researcher for a comment:
“Since this is a commercial application and organizations pay for this, they at least need something secure and worth that price,” explained Mutail.
“The organization could have a huge impact on this, because if let’s say a normal user goes rogue, he could get admin level access to organizations network. Since this application does use LDAP authentication.”
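The security expert who found the vulnerability stated: since MONyog is commercial software whose customers are all enterprise users who have paid for it, it ought to be worth the money. The vulnerability has a very large impact on enterprises: if any user with normal privileges decides to misbehave, he has the opportunity to use this vulnerability to escalate his own privileges to system administrator level.
Comment: It seems no solution was proposed?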