CVE-2020-8657: 
EyesOfNetwork vulnerability analysis and mitigation

EyesOfNetwork version 5.3 contains a hard-coded credentials vulnerability (CVE-2020-8657) discovered in February 2020. The vulnerability exists in the installation process where the same API key (EONAPI_KEY) is hardcoded in include/api_functions.php, making it predictable across all installations (NIST, CISA).

The vulnerability stems from the use of a default API key ('€On@piK3Y') that remains unchanged after installation. The API token generation mechanism is based on a predictable formula combining the hardcoded API key, user ID, and server IP address. For example, for the admin account (ID '1'), the token is generated using: md5('€On@piK3Y' + '1') followed by sha256(md5_result + server_ip) (GitHub Issue).

This vulnerability allows attackers to calculate or guess the admin access token, potentially gaining unauthorized administrative access to the system. Since the API key is consistent across all installations and the token generation mechanism is known, attackers can predict valid authentication tokens (CISA).

Organizations should apply updates according to vendor instructions as recommended by CISA. The vulnerability was added to CISA's Known Exploited Vulnerabilities Catalog with a remediation due date of May 3, 2022 (CISA).