
Vulnerability summary

Defect ID: wooyun-2014-083182

Title: A weak password at COFCO can compromise the company's internal information security

Vendor: COFCO (中粮集团有限公司)

Author: 路人甲

Submitted: 2014-11-13 19:49

Fix time: 2014-11-18 19:50

Published: 2014-11-18 19:50

Vulnerability type: internal confidential information disclosure

Severity: High

Self-assessed rank: 20

Status: vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2014-11-13: details sent to the vendor, awaiting vendor handling
2014-11-18: vendor actively ignored the vulnerability; details disclosed to the public

Summary:

A weak password at COFCO can compromise the company's internal information security

Detailed description:

1> Out of boredom I ran the mail server with two- and three-syllable pinyin usernames, and happened to hit a weak password.
mail.cofco.com
shengxw,123456
Somebody in there is actually running phishing... pretty damn impressive; this technique is worth learning from.

[screenshot: 1.png]


2> Sorry, I went through this gentleman's mail and found this.
http://home.cofco.com/
From the mail it should only be reachable from the intranet; no idea why, but it is reachable from the internet.

[screenshot: 2.png]


3> After logging in I found the corporate address book and other important application systems. The address book contains every employee's email address and domain username (wasn't there a universal IE exploit recently? Combine the two for a phishing campaign and the results should be pretty good!)

[screenshot: 3.png]


[screenshot: 5.png]


4> Many systems can be logged into; I suspect this is an SSO single sign-on setup, which is dangerous, young man!

[screenshot: 6.png]


5> By the way, when are you going to fix the DNS zone transfer?

cofco.com. 3600 IN NS bj-ns-03.cofco.com.
cofco.com. 3600 IN NS bj-ns-02.cofco.com.
cofco.com. 3600 IN NS bj-ns-04.cofco.com.
cofco.com. 3600 IN NS bj-ns-01.cofco.com.
cofco.com. 3600 IN MX 5 mx1.cofco.com.
360rating.cofco.com. 3600 IN A 152.5.125.110
506bpm.cofco.com. 3600 IN A 10.6.5.18
506crm.cofco.com. 3600 IN A 152.5.88.107
506CSC.cofco.com. 3600 IN A 219.146.64.6
506dms.cofco.com. 3600 IN A 10.6.5.93
506IMS.cofco.com. 3600 IN A 10.6.5.100
506mcm.cofco.com. 3600 IN A 10.6.5.76
506pingjia.cofco.com. 3600 IN A 10.6.5.23
506pts.cofco.com. 3600 IN A 10.6.5.89
506srm.cofco.com. 3600 IN A 10.6.5.87
506WGM.cofco.com. 3600 IN A 10.6.5.112
506wos.cofco.com. 3600 IN A 10.6.5.94
606app.cofco.com. 3600 IN A 10.6.130.12
606app02.cofco.com. 3600 IN A 10.6.10.111
606app03.cofco.com. 3600 IN A 10.6.10.140
606apptest.cofco.com. 3600 IN A 10.6.10.110
_autodiscover._tcp.cofco.com. 3600 IN SRV 0 0 443 mail.cofco.com.
_sipfederationtls._tcp.cofco.com. 3600 IN SRV 0 0 5061 lync.cofco.com.
_sip._tls.cofco.com. 3600 IN SRV 0 0 5061 lync.cofco.com.
an.cofco.com. 3600 IN A 10.6.28.16
arms.cofco.com. 3600 IN A 106.37.237.214
audit.cofco.com. 3600 IN A 10.6.57.91
bcbe.cofco.com. 3600 IN A 152.5.90.205
bcbebi.cofco.com. 3600 IN A 10.6.9.16
bcbefk.cofco.com. 3600 IN A 10.6.9.4
bchome.cofco.com. 3600 IN A 10.6.9.11
bcoa.cofco.com. 3600 IN A 10.6.9.12
behome.cofco.com. 3600 IN A 10.6.9.20
beoa.cofco.com. 3600 IN A 10.6.9.21
BI.cofco.com. 3600 IN A 10.6.128.51
bimob.cofco.com. 3600 IN A 10.6.128.50
bj-ns-01.cofco.com. 3600 IN A 10.6.128.116
bj-ns-02.cofco.com. 3600 IN A 152.5.4.22
bj-ns-03.cofco.com. 3600 IN A 10.6.128.116
bj-ns-04.cofco.com. 3600 IN A 152.5.4.22
c3.cofco.com. 3600 IN A 106.37.237.211
c606it01.cofco.com. 3600 IN A 10.6.10.152
ca.cofco.com. 3600 IN A 10.6.2.201
careers.cofco.com. 3600 IN A 152.5.90.207
ccba.cofco.com. 3600 IN A 10.6.2.210
chatpool.cofco.com. 3600 IN A 10.6.128.23
chengxin.cofco.com. 3600 IN A 152.5.90.207
cofcomag.cofco.com. 3600 IN A 10.6.128.5
course.cofco.com. 3600 IN A 152.5.90.62
crm.cofco.com. 3600 IN A 152.5.125.23
dmbi.cofco.com. 3600 IN A 10.6.130.202
dmcrm.cofco.com. 3600 IN A 10.6.130.201
dmcrmtest.cofco.com. 3600 IN A 10.6.130.203
dmgp.cofco.com. 3600 IN A 10.6.10.138
dmll.cofco.com. 3600 IN A 10.6.10.145
dmoa.cofco.com. 3600 IN A 10.6.130.204
dmoatest.cofco.com. 3600 IN A 10.6.130.205
dmoatest01.cofco.com. 3600 IN A 10.6.130.206
dmoo.cofco.com. 3600 IN A 10.6.10.144
dmpurchase.cofco.com. 3600 IN A 10.6.10.169
e-learning.cofco.com. 3600 IN A 152.5.90.63
edgepool.cofco.com. 3600 IN A 10.6.128.23
ehr.cofco.com. 3600 IN A 10.6.57.66
3g.ehr.cofco.com. 3600 IN A 10.6.57.66
ehrtest.cofco.com. 3600 IN A 152.5.125.110
elife.cofco.com. 3600 IN A 10.6.128.50
EV.cofco.com. 3600 IN A 10.6.59.95
expo2010.cofco.com. 3600 IN A 152.5.125.41
ez6s.cofco.com. 3600 IN A 152.5.125.50
finance.cofco.com. 3600 IN A 10.8.29.5
fms.cofco.com. 3600 IN A 152.5.90.205
fmsdata.cofco.com. 3600 IN A 152.5.90.55
futures.cofco.com. 3600 IN A 10.6.8.19
gate.cofco.com. 3600 IN A 152.5.90.51
gate.cofco.com. 3600 IN MX 5 gate.cofco.com.
gloria.cofco.com. 3600 IN A 121.199.69.87
gwsales.cofco.com. 3600 IN A 10.6.4.107
haoshiku.cofco.com. 3600 IN CNAME www.haoshiku.com.
healthclub.cofco.com. 3600 IN CNAME healthclub.cofco.appinside.com.
healthclubapi.cofco.com. 3600 IN A 10.6.0.50
home.cofco.com. 3600 IN A 10.6.128.25
hotel.cofco.com. 3600 IN A 10.6.12.22
hrtest.cofco.com. 3600 IN A 124.117.242.177
huihuang60.cofco.com. 3600 IN A 152.5.90.207
i-rice.cofco.com. 3600 IN MX 10 freemail-g5.xinnetdns.com.
mail.i-rice.cofco.com. 3600 IN CNAME freemail-g5.xinnetdns.com.
idea.cofco.com. 3600 IN A 106.37.237.213
ihome.cofco.com. 3600 IN A 10.6.128.25
im.cofco.com. 3600 IN A 111.207.82.72
imeeting.cofco.com. 3600 IN A 10.6.128.53
info.cofco.com. 3600 IN A 152.5.125.110
InfoCollect.cofco.com. 3600 IN A 10.6.57.124
innofair.cofco.com. 3600 IN A 106.37.237.213
ipms.cofco.com. 3600 IN A 106.37.237.215
itunhe.cofco.com. 3600 IN A 124.117.242.177
itunhemail.cofco.com. 3600 IN A 124.117.242.177
itunheoa.cofco.com. 3600 IN A 124.117.242.177
iufo.cofco.com. 3600 IN A 10.6.2.102
jc.cofco.com. 3600 IN A 10.6.128.50
joycitycrmws.cofco.com. 3600 IN A 10.6.131.2
km.cofco.com. 3600 IN A 10.6.4.100
kmtest.cofco.com. 3600 IN A 10.6.4.103
lanxin.cofco.com. 3600 IN A 10.6.128.60
leader.cofco.com. 3600 IN A 10.6.2.199
live.cofco.com. 3600 IN A 10.6.57.169
lync.cofco.com. 3600 IN A 10.6.128.23
lync-owa01.cofco.com. 3600 IN A 10.6.57.163
lyncdiscover.cofco.com. 3600 IN A 10.6.57.160
m.cofco.com. 3600 IN A 10.6.128.53
mail.cofco.com. 3600 IN A 10.6.61.88
mail2.cofco.com. 3600 IN A 152.5.90.205
mail2k7.cofco.com. 3600 IN A 10.6.61.88
md.cofco.com. 3600 IN A 10.6.128.140
mdm.cofco.com. 3600 IN A 10.6.128.11
media.cofco.com. 3600 IN A 152.5.90.207
media1.cofco.com. 3600 IN A 152.5.90.207
mediationpool.cofco.com. 3600 IN A 10.6.128.23
mx1.cofco.com. 3600 IN A 152.5.4.5
nc.cofco.com. 3600 IN A 10.6.2.107
newkm.cofco.com. 3600 IN A 106.37.237.210
nhribpm.cofco.com. 3600 IN A 106.37.237.216
nhrisocial.cofco.com. 3600 IN A 10.6.4.105
nw.cofco.com. 3600 IN A 207.46.128.18
oil.cofco.com. 3600 IN A 10.6.5.23
outspam.cofco.com. 3600 IN A 10.6.128.22
plm.cofco.com. 3600 IN A 106.37.237.217
plmpre.cofco.com. 3600 IN A 106.37.237.218
pool.cofco.com. 3600 IN A 10.6.57.160
prms.cofco.com. 3600 IN A 10.6.57.53
property.cofco.com. 3600 IN A 113.105.85.6
propertyinfo.cofco.com. 3600 IN A 113.105.85.6
propertymail.cofco.com. 3600 IN A 113.105.85.6
propertyoa.cofco.com. 3600 IN A 113.105.85.6
propertyoa-test.cofco.com. 3600 IN A 113.105.85.6
propertyoa1.cofco.com. 3600 IN A 113.105.85.6
propertysm.cofco.com. 3600 IN A 113.105.85.6
pwd.cofco.com. 3600 IN A 10.6.57.62
qhselearning.cofco.com. 3600 IN A 10.6.128.58
qscd.cofco.com. 3600 IN A 10.6.57.42
qywh.cofco.com. 3600 IN A 10.6.0.55
rating.cofco.com. 3600 IN A 152.5.125.23
recruit.cofco.com. 3600 IN A 152.5.125.23
report.cofco.com. 3600 IN A 152.5.125.3
RTX.cofco.com. 3600 IN A 10.6.128.131
rtxmetting.cofco.com. 3600 IN A 10.6.128.132
rtxmobile.cofco.com. 3600 IN A 10.6.128.133
SCRM.cofco.com. 3600 IN A 10.6.57.124
sdc.cofco.com. 3600 IN A 10.6.0.47
sentry.cofco.com. 3600 IN A 10.6.128.26
sip.cofco.com. 3600 IN A 10.6.128.23
spam.cofco.com. 3600 IN A 152.5.4.5
sslvpn.cofco.com. 3600 IN A 10.6.128.6
survey.cofco.com. 3600 IN A 10.6.57.97
svnnhri.cofco.com. 3600 IN A 10.6.4.113
tg.cofco.com. 3600 IN A 152.5.176.42
th_webapp1.cofco.com. 3600 IN A 124.117.242.177
thrd.cofco.com. 3600 IN A 124.117.242.183
tomato.cofco.com. 3600 IN MX 10 gate.cofco.com.
tunhemoss.cofco.com. 3600 IN A 124.117.242.177
tunheoa.cofco.com. 3600 IN A 152.5.125.33
tunheoai.cofco.com. 3600 IN A 124.117.242.177
tunhetask.cofco.com. 3600 IN A 124.117.242.177
vhome.cofco.com. 3600 IN A 152.5.4.11
vip.cofco.com. 3600 IN A 42.120.40.73
voc.cofco.com. 3600 IN A 106.37.237.212
wangpan.cofco.com. 3600 IN A 10.6.58.110
wine.cofco.com. 3600 IN MX 10 gate.cofco.com.
www.cofco.com. 3600 IN A 10.6.128.2
www1.cofco.com. 3600 IN A 10.6.0.46
ytsales.cofco.com. 3600 IN A 152.5.90.131
zlh.cofco.com. 3600 IN A 115.28.237.201
zlrs.cofco.com. 3600 IN A 10.6.36.1
zlwd.cofco.com. 3600 IN A 219.238.239.158
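The zone dump above is what an unrestricted AXFR hands to anyone who asks. The following script is an added example, not part of the original report, that parses a dig-style dump offline and pulls out the three things a practitioner would check first: A records with RFC 1918 addresses (internal topology), name servers that share one address, and SRV records that fingerprint Exchange and Lync without touching the hosts. SAMPLE_ZONE is a short excerpt of the records listed above; obtaining a fresh dump with `dig @bj-ns-02.cofco.com cofco.com axfr` is assumed and is not performed by the script.

```python
"""Parse a DNS zone dump (as produced by `dig @ns example.com axfr`) and
report what an unrestricted AXFR leaks.

Added example for this writeup; not code from the original report.
SAMPLE_ZONE is an excerpt of the records listed in the report.
"""
import ipaddress
from collections import Counter, defaultdict

SAMPLE_ZONE = """\
cofco.com. 3600 IN NS bj-ns-03.cofco.com.
cofco.com. 3600 IN NS bj-ns-02.cofco.com.
cofco.com. 3600 IN NS bj-ns-04.cofco.com.
cofco.com. 3600 IN NS bj-ns-01.cofco.com.
cofco.com. 3600 IN MX 5 mx1.cofco.com.
_autodiscover._tcp.cofco.com. 3600 IN SRV 0 0 443 mail.cofco.com.
_sip._tls.cofco.com. 3600 IN SRV 0 0 5061 lync.cofco.com.
bj-ns-01.cofco.com. 3600 IN A 10.6.128.116
bj-ns-02.cofco.com. 3600 IN A 152.5.4.22
bj-ns-03.cofco.com. 3600 IN A 10.6.128.116
bj-ns-04.cofco.com. 3600 IN A 152.5.4.22
careers.cofco.com. 3600 IN A 152.5.90.207
home.cofco.com. 3600 IN A 10.6.128.25
haoshiku.cofco.com. 3600 IN CNAME www.haoshiku.com.
mail.cofco.com. 3600 IN A 10.6.61.88
mx1.cofco.com. 3600 IN A 152.5.4.5
sslvpn.cofco.com. 3600 IN A 10.6.128.6
www.cofco.com. 3600 IN A 10.6.128.2
"""


def parse_zone(text):
    """Turn dig-style zone lines into (name, ttl, type, rdata) tuples.
    Comment (';') and blank lines are skipped; rdata keeps every remaining
    field so MX/SRV priorities and targets survive."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue  # not an owner/ttl/class/type/rdata line
        name, ttl, _cls, rtype, *rdata = fields
        records.append((name.lower(), int(ttl), rtype.upper(), rdata))
    return records


def record_counts(records):
    """How many records of each type the dump contains."""
    return dict(Counter(rtype for _, _, rtype, _ in records))


def internal_hosts(records):
    """A records pointing at RFC 1918 space: internal topology leaked by AXFR."""
    leaked = {}
    for name, _, rtype, rdata in records:
        if rtype == "A" and ipaddress.ip_address(rdata[0]).is_private:
            leaked[name] = rdata[0]
    return leaked


def shared_ns_addresses(records):
    """Address -> NS hostnames resolving to it, kept only where several NS
    names share one address (four NS records may be two real hosts)."""
    a_of = {name: rdata[0] for name, _, rtype, rdata in records if rtype == "A"}
    ns_names = {rdata[0].lower() for _, _, rtype, rdata in records if rtype == "NS"}
    by_addr = defaultdict(list)
    for ns in sorted(ns_names):
        if ns in a_of:
            by_addr[a_of[ns]].append(ns)
    return {addr: names for addr, names in by_addr.items() if len(names) > 1}


def service_records(records):
    """SRV records as (service label, port, target). Labels such as
    _autodiscover._tcp and _sip._tls identify Exchange Autodiscover and
    Lync edge services without any probe of the hosts themselves."""
    out = []
    for name, _, rtype, rdata in records:
        if rtype == "SRV":
            _prio, _weight, port, target = rdata
            out.append((name, int(port), target.lower()))
    return out


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    print("record types:", record_counts(recs))
    for host, ip in sorted(internal_hosts(recs).items()):
        print(f"internal  {host:32s} {ip}")
    for addr, names in shared_ns_addresses(recs).items():
        print(f"NS hosts sharing {addr}: {', '.join(names)}")
    for svc, port, target in service_records(recs):
        print(f"service   {svc:32s} port {port} -> {target}")
```

On the excerpt, the script reports six internal hosts (including mail, sslvpn and www), shows that the four NS names are really two addresses (bj-ns-01 and bj-ns-03 at 10.6.128.116, bj-ns-02 and bj-ns-04 at 152.5.4.22), and lists the Autodiscover and SIP/TLS SRV records. One caveat: NS and www records pointing at 10.x addresses are consistent with an internal zone view being served to external clients, but the dump alone does not say which resolver answered; the fix on the server side is to restrict AXFR to the secondary name servers (allow-transfer in BIND, or the equivalent zone-transfer ACL on other servers) regardless of which view leaked.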


Proof of vulnerability:

Fix recommendations:

1> Clean up the weak-password accounts.
2> The zone transfer needs fixing too.
3> Don't expose intranet applications to the internet.
4> Single sign-on is convenient, but it also brings too many security problems.

Copyright notice: when reposting, credit the source as 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2014-11-18 19:50

Vendor reply:

Latest status:

None yet