{"id":"CVE-2020-8657","details":"An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing an attacker to calculate/guess the admin access token.","modified":"2026-04-10T04:28:26.608348Z","published":"2020-02-06T18:15:13.963Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-8657"},{"type":"ADVISORY","url":"https://github.com/EyesOfNetworkCommunity/eonapi/issues/17"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eyesofnetworkcommunity/eonweb","events":[{"introduced":"0"},{"last_affected":"71e23ee4cb7baa20b1654cfdd326d6ca22e2249f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.3-0"}]}}],"versions":["4.3-0","5.3-0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8657.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}