PT-2020-6507 · Unknown · Eyesofnetwork

H4Knet · Published 2020-02-05 · Updated 2025-11-10 · CVE-2020-8657

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

EyesOfNetwork version 5.3

Description

The issue is related to the use of a hardcoded API key, EONAPI_KEY, in the include/api_functions.php file for API version 2.4.2. This allows an attacker to calculate or guess the admin access token, potentially leading to unauthorized access to protected information and privilege escalation.

Recommendations

For EyesOfNetwork version 5.3, consider changing the default API key EONAPI_KEY to a unique value to prevent unauthorized access. As a temporary workaround, restrict access to the API endpoint that uses the hardcoded EONAPI_KEY until a patch is available.

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2021-05687
CVE-2020-8657

Affected Products

Eyesofnetwork