ID07 | Password in user’s description
A classical case of finding the password of a user in the account description.
Table of availables actions, states, and targets
Vulnerability ID |
Trigger available |
Default state |
Default target |
|---|---|---|---|
07 | Password in user’s description |
No |
Absent |
dc01 & saul.goodman |
Launch
Enable
# Current directory: ansible
ansible-playbook -i inventory.yml playbooks/vulnerabilities/07.yml --extra-vars "action=enable"
Disable
# Current directory: ansible
ansible-playbook -i inventory.yml playbooks/vulnerabilities/07.yml --extra-vars "action=disable"
Implementation
Enable
A password is added in a user’s account description.
Reference:
Disable
The user’s description is deleted.
Reference:
Customization
You can choose another target than the default one.
user_name = any user
action = enable | disable
Example with the user walter.white:
# Current directory: ansible
ansible-playbook -i inventory.yml playbooks/vulnerabilities/07.yml --extra-vars "action=enable user_name=walter.white"