gpmidi
20 Jun 2019

The config files and such in /usr/local/amc/app are all publicly accessible. 

$ curl http://gibson6/config/application.cfg
#Application Configuration
#Thu Jun 20 02:25:22 EDT 2019
rmi.enable_ssl=false
ldapcfg.enable=false
disable_guest=false
screensaver.motion_delay=3000
screensaver.ystep=2
disable_service=false
timezone.custom=
screensaver.normal_image=REMOVED
screensaver.failure_image=REMOVED
screensaver.movement=1
session.timeout=60
screensaver.warning_image=REMOVED
screensaver.xstep=3
ldapcfg.port=389
timezone=US/Eastern
screensaver.type=1
screensaver.wait_delay=900000
ldapcfg.version=2

Some more sensitive info is accessbile too. See /resources/security/postgres.key

Tags