IT giant Dell is shipping computers with support software that leaks extensive amounts of information about the systems it is preloaded on, researchers have found.
LizardHQ researcher "slipstream/RoL" discovered that the Dell Foundation Services application, used to provide information for customer support, also installs and activates a webserver on computers. The security research firm counts some former LulzSec hacktivists as members.
The webserver responds to queries on transmission control protocol (TCP) port 7779 - by issuing requests to the webserver, attackers can query Microsoft's Windows Management Instrumentation (WMI) utility to glean full information about a victim's system.
Information leaked via WMI, which is used for systems management, includes details of the computer hardware, software, running processses and services, which storage is accessible, file data such as their names, dates and sizes, and more.
Prior to the recently discovered information disclosure vulnerability, LizardHQ had found that the webserver would leak Dell service tags, which are hardcoded and unique for each system.
Dell addressed that vulnerability, but in doing so, made the web interface a simple object access protocol (SOAP) service, the researchers said.
Vulnerable systems connected to the internet can be found via the Shodan.io scanner, and the flaw can also be exploited via local area networks, according to LizardHQ.
LizardHQ recommends that Dell users uninstall the Dell Foundation Services software.
Earlier in November this year, Dell had to scramble to plug another serious vulnerability in its support software.
The company shipped a fake, eDellRoot certificate authority (CA) and included its private key, for SSL/TLS protected connections that web browsers would trust.
This created a vulnerability that could be used to silently intercept SSL/TLS encrypted communications as well as sign malicious code that would be trusted by the computer operating system.
