CVE-2010-4279 — AI Deep Analysis Summary

🚨 **Essence**: Default config flaw in Pandora FMS allows auth bypass. 💥 **Consequences**: Attackers gain unauthorized admin access without credentials. The system fails to enforce security on default settings.

🛡️ **Root Cause**: Weak default configuration. Specifically, the `loginhash_pwd` field is set to an **empty string** by default. This allows predictable hash generation for the 'admin' user.

📦 **Affected**: Pandora FMS (Flexible Monitoring System). 📅 **Versions**: 3.1 and earlier. 🖥️ **Component**: The web console (`index.php`) handling login hashes.

🕵️ **Attacker Action**: Bypass authentication completely. 🎯 **Privileges**: Gain **Admin** privileges. 📂 **Data**: Full access to network, server, and application monitoring data. No password needed!

📉 **Threshold**: **LOW**. 🚪 **Auth**: None required. ⚙️ **Config**: Relies on default settings. Attackers just need to send a specific request with known MD5 hashes. Very easy to exploit.

🔥 **Public Exp?**: **YES**. 📜 **References**: Exploit-DB IDs 15639 and 35731. 🌍 **Status**: Wild exploitation is possible using simple HTTP requests with calculated hashes.

🔍 **Self-Check**: Scan for Pandora FMS versions ≤ 3.1. 🧪 **Test**: Attempt login via `index.php` using `admin` user and pre-calculated MD5 hash for `loginhash_data`. If it grants access, you are vulnerable.

🩹 **Official Fix**: **YES**. 📥 **Patch**: Security patch available from SourceForge (dated Oct 13, 2010). 🔄 **Action**: Update to a version later than 3.1 or apply the specific security patch provided by the vendor.

🚧 **No Patch?**: **Workaround**: Change the default `loginhash_pwd` from empty to a **strong, random string**. 🛑 **Mitigation**: Restrict access to `index.php` via firewall/WAF if patching isn't immediate.

⚡ **Urgency**: **HIGH**. 🚨 **Priority**: Critical. Since it requires **no authentication** and exploits **default configs**, any unpatched instance is instantly compromised. Patch immediately!