CVE-2021-37157

8.8 HIGH

📋 TL;DR

CVE-2021-37157 exposes the root password in cleartext within the OpenGamePanel OGP-Agent-Linux configuration file. This allows attackers with file read access to obtain root credentials, potentially leading to complete system compromise. All systems running vulnerable versions of OGP-Agent-Linux are affected.

💻 Affected Systems

Products:
  • OpenGamePanel OGP-Agent-Linux
Versions: All versions through 2021-08-14
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration, where the Config.pm file stores the root password in cleartext.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full root-level compromise of the server, allowing attackers to install malware, exfiltrate data, pivot to other systems, or destroy the system.

🟠 Likely Case

Privilege escalation from a lower-privileged user to root, leading to unauthorized administrative access and potential data theft.

🟢 If Mitigated

Limited impact if proper file permissions restrict access to the configuration file and root password rotation is implemented.

🌐 Internet-Facing: MEDIUM - Requires file read access; if web interface or other services expose file access, risk increases.
🏢 Internal Only: HIGH - Internal users with any level of access could potentially read the file and escalate privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires read access to the Config.pm file; authenticated users or those with file access can easily extract credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2021-08-14

Vendor Advisory: https://github.com/OpenGamePanel/OGP-Agent-Linux/commits/master

Restart Required: No

Instructions:

1. Update OGP-Agent-Linux to the latest version from the official repository.
2. Verify the Config.pm file no longer contains cleartext passwords.
3. Change the root password if it was exposed.

🔧 Temporary Workarounds

Restrict File Permissions

Set strict permissions on Config.pm so that only the file's owner can read it. The commands below make root the owner; if the agent runs as a dedicated non-root account, make that account the owner instead, otherwise the agent can no longer read its own configuration.

chmod 600 $HOME/OGP/Cfg/Config.pm
chown root:root $HOME/OGP/Cfg/Config.pm

Remove Cleartext Password

Manually edit Config.pm to remove or encrypt the root password field.

vi $HOME/OGP/Cfg/Config.pm
# Remove or hash the 'root_password' line

🧯 If You Can't Patch

  • Change the root password immediately to invalidate exposed credentials.
  • Implement strict access controls and monitoring on the Config.pm file.

🔍 How to Verify

Check if Vulnerable:

Check whether Config.pm contains a cleartext root password:

grep -i 'root_password' $HOME/OGP/Cfg/Config.pm

Check Version:

Check OGP-Agent-Linux version or installation date; versions before 2021-08-14 are vulnerable.

Verify Fix Applied:

Verify that Config.pm no longer shows a cleartext password and that file permissions are restricted:

ls -la $HOME/OGP/Cfg/Config.pm
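As an added example (not code from the advisory or the OGP project), the following POSIX shell audit applies both checks above to a Config.pm path: it reports whether a non-empty root_password value is present and whether the file mode is restricted. The key name 'root_password' comes from the advisory; the Perl-style `root_password => 'value',` line layout is an assumption.

```shell
#!/bin/sh
# Added audit helper (example code, not from the advisory or the OGP project).
# Checks the two conditions from "How to Verify": a non-empty root_password
# value in Config.pm and an over-permissive file mode.
# The 'root_password' key name is from the advisory; the Perl-style
# "root_password => 'value'," line layout is an assumption.

# Echo cleartext|empty|absent for the root_password setting in file $1.
ogp_password_state() {
    file="$1"
    # First non-comment line mentioning the key, case-insensitively.
    line=$(grep -i 'root_password' "$file" 2>/dev/null \
           | grep -v '^[[:space:]]*#' | head -n 1)
    case "$line" in
        *=*) ;;                       # looks like an assignment
        *)   echo absent; return 0 ;; # key missing or only in comments
    esac
    val=${line#*=}                    # drop everything through the first '='
    val=${val#>}                      # tolerate the Perl fat comma '=>'
    # Trim surrounding whitespace, a trailing ',' or ';', and quotes.
    val=$(printf '%s\n' "$val" \
          | sed "s/^[[:space:]]*//; s/[[:space:]]*[,;]*[[:space:]]*$//; s/^['\"]//; s/['\"]$//")
    if [ -n "$val" ]; then echo cleartext; else echo empty; fi
}

# Echo the octal permission bits of file $1 (GNU stat, BSD stat fallback).
ogp_config_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 when file $1 is clean (no cleartext password and mode 600 or 400),
# 1 otherwise, printing one line per finding.
ogp_config_audit() {
    file="$1"; rc=0
    state=$(ogp_password_state "$file")
    if [ "$state" = cleartext ]; then
        echo "FAIL: $file stores a cleartext root_password"; rc=1
    fi
    mode=$(ogp_config_mode "$file")
    case "$mode" in
        600|400) ;;
        *) echo "FAIL: $file has mode $mode (expected 600)"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then
        echo "OK: $file has no cleartext root_password and mode $mode"
    fi
    return "$rc"
}
```

Run it as `ogp_config_audit "$HOME/OGP/Cfg/Config.pm"` after patching; a non-zero exit means at least one of the two conditions still holds.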

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to Config.pm file
  • Sudden root login from unusual locations

Network Indicators:

  • Unexpected SSH connections to root account
  • Anomalous outbound data transfers

SIEM Query:

Example: (event_type="file_access" AND file_path="*OGP/Cfg/Config.pm") OR (auth_type="root" AND source_ip NOT IN trusted_ips)
