Changes between Version 3 and Version 4 of dev/tls


Timestamp:
Oct 27, 2021 9:34:40 PM (3 years ago)
Author:
jonathan
Comment:

RMI attack vector

  • dev/tls

    v3 v4  
    6464
    6565The JMC logs are generated at `~/.jmc/<version>/.metadata/.plugins/org.eclipse.ui.workbench/log`
     66
     67= Attack Vectors
     68Exposing the JMI registry can be easily achieved with the help of a handy `nmap` script, fortunately the real vulnerable JMI endpoint is protected by TLS.  I ran the script described in [https://itnext.io/java-rmi-for-pentesters-structure-recon-and-communication-non-jmx-registries-a10d5c996a79 this article on pentesting RMI] and all it revealed is that there is an encrypted RMI endpoint on the TCP port next door.  With mutual X509 PKI authentication the risk is significantly mitigated AFAIK.
     69
     70[[Image(nmap-rmi.png)]]
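
Review bot: "JMI" in added line 68 (both "JMI registry" and "JMI endpoint") looks like a slip for RMI, or possibly JMX, given the change comment "RMI attack vector" and the linked article on pentesting RMI; pick the intended term and use it consistently. In the same line, "Exposing the ... registry" reads as if the `nmap` script makes the registry reachable, while the rest of the paragraph describes enumerating it, so "Enumerating" would be clearer, and the comma before "fortunately" should become a sentence break. The closing claim that mutual X509 PKI authentication significantly mitigates the risk is hedged with "AFAIK", and nothing in the section says where that authentication is configured or how it was checked; state or link the configuration so a reader can verify it, and give the actual port of the encrypted endpoint rather than "next door".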