Publicy accessible IDRAC instance at api-m.inapp.pushwoosh.com
Low
P
Pushwoosh
Submitted None
Actions:
Reported by
sp1d3rs
Vulnerability Details
Technical details and impact analysis
Hi. I discovered a publicy accessible IDRAC instance at api-m.inapp.pushwoosh.com. I know this subdomain is out of scope, but still consider to report it. Since default credentials root/calvin not work, there are no security risks for now, but so far the instance is available to public, in the future it may have some security risks, for example, if Dell firmware update will reset credentials to default, or new exploits for IDARC8 will appear.
So i recommend you restrict the access to this system.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Authentication - Generic