antMan Authentication Bypass

Issue Summary

antMan versions <= 0.9.0c contain a critical authentication defect, allowing an unauthenticated attacker to obtain root permissions within the antMan web management console.

TL;DR - username=>&password=%0a == root access
Vendor Background

TechRepublic describes the antsle as…

"A private cloud server, designed for developers, that can serve businesses of all sizes. With this piece of hardware, you can roll out servers, containers, you name it—all from a user-friendly web-based GUI."

The web-based GUI is antMan, responsible for provisioning and maintaining your virtual servers and containers.

Walk-through

How antMan Authenticates

The antMan authentication implementation obtains user-supplied username and password parameters from a POST request issued to /login. Next, antMan utilizes Java's ProcessBuilder class to invoke, as root, a bash script called antsle-auth.

This bash script takes in three arguments:

- The functional action to take (login or chpass)
- username
- password

…
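An added example, not code from antMan or from the original write-up: one way a root-run helper with this three-argument interface could check its inputs before acting on them. The function name, the username allow-list, the 32-character limit and the return codes are assumptions; the contents of the real antsle-auth script are not shown here.

```shell
#!/bin/sh
# Added example: input checks for a privileged auth helper that receives
# <action> <username> <password>. validate_auth_args is a hypothetical name.

validate_auth_args() {
    # Exactly three arguments, no more and no fewer.
    [ "$#" -eq 3 ] || return 2
    action=$1
    username=$2
    password=$3

    # Only the two actions the write-up names are accepted.
    case $action in
        login|chpass) ;;
        *) return 3 ;;
    esac

    # Username: non-empty, no leading dash (option look-alike), and only
    # characters from a conservative allow-list (assumed policy).
    case $username in
        ''|-*) return 4 ;;
        *[!A-Za-z0-9._-]*) return 4 ;;
    esac
    [ "${#username}" -le 32 ] || return 4

    # Password: non-empty and free of control characters such as newline.
    [ -n "$password" ] || return 5
    case $password in
        *[[:cntrl:]]*) return 5 ;;
    esac
    return 0
}

# Constructed check: the values from the TL;DR line (username ">",
# password consisting of a single newline) are refused before any
# authentication logic runs.
nl='
'
validate_auth_args login '>' "$nl" || echo "rejected, status $?"
```

Passing the password as a command-line argument also exposes it in the process list; feeding it to the helper on stdin avoids that.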

