[NT] Vulnerability in Hosting Controller (Username Detection)
From: support@securiteam.com Date: 02/04/02
From: support@securiteam.com To: list@securiteam.com Date: Mon, 4 Feb 2002 20:43:21 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Vulnerability in Hosting Controller (Username Detection)
------------------------------------------------------------------------
SUMMARY
<http://www.hostingcontroller.com/> Hosting Controller is an all-in-one
administrative hosting tool for Windows. It automates all hosting tasks
and gives the respective owners full control of each website. A security
vulnerability in the product allows attackers to find out a valid
username that is allowed to access the administrative CGI.
DETAILS
Vulnerable systems:
Hosting Controller version 1.4.1
Hosting Controller version 1.4.b
Site owners log in to Hosting Controller by submitting the login form,
which is found at one of:
http://www.example.com/admin/
http://www.example.com/webadmin/
http://www.example.com/advwebadmin/
http://www.example.com/hostingcontroller/
* These paths are the most common ones for the Hosting Controller login page.
If a non-existent username is entered, the form returns the message:
"The user name could not be found".
Anyone can use this login process to find an existing user name. When an
existing username is entered with an incorrect password, the form returns
the message:
"The user has entered an invalid password".
Because the two messages differ, a valid username is easy to determine,
and the attacker may then launch a brute force attack on the password
entry for the known username. Once logged in, the attacker will have total
control over the web site.
Solution:
The vendor replied within 12 hours of being contacted, stating they would
release a patch within 1-2 weeks, probably based on the first of the
solutions suggested below. Hosting Controller's managers were highly
responsive to this advisory submission and acknowledged the security
vulnerability in the Hosting Controller program. They responded quickly
and professionally, which is how every vendor should act in such cases.
1. A practical solution is limiting login attempts from the same IP on a
time basis, e.g. 3 wrong password entries from the same IP within an hour
trigger the protection.
2. The login form should return a single message such as "Wrong username
or password" whether the username or the password is wrong, so the reply
no longer reveals which one failed.
3. Assigning hard-to-guess usernames and passwords, and changing passwords
periodically, is also a quick improvement.
4. The path to Hosting Controller can also be changed to a non-default
one, or named with a random character sequence.
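The two login behaviours from this advisory side by side, as an added Python example (not Hosting Controller's own code, which the advisory does not show): the vulnerable form's distinct messages, a hardened handler applying suggested solutions 1 and 2 (one generic message, 3 failures per IP per hour), and a check that tells the two apart. The account table, IP addresses and the lockout message are constructed for the example.

```python
import hmac
import time
from collections import defaultdict, deque

# Constructed account store standing in for the product's user database.
USERS = {"siteowner": "s3cret"}

# The two messages quoted in the advisory, and the single message of solution 2.
MSG_NO_USER = "The user name could not be found"
MSG_BAD_PASS = "The user has entered an invalid password"
MSG_GENERIC = "Wrong username or password"

def vulnerable_login(username, password):
    """Behaviour the advisory describes: the reply differs depending on
    whether the username exists, so every failed attempt confirms or
    denies a username."""
    if username not in USERS:
        return MSG_NO_USER
    if USERS[username] != password:
        return MSG_BAD_PASS
    return "OK"

MAX_FAILURES = 3        # solution 1: three wrong entries ...
WINDOW_SECONDS = 3600   # ... from the same IP within an hour
_failures = defaultdict(deque)   # client IP -> timestamps of recent failures

def hardened_login(username, password, client_ip, now=None):
    """Solutions 1 and 2 combined: one generic reply for both failure
    causes, and a per-IP cap on wrong attempts inside the time window."""
    now = time.time() if now is None else now
    recent = _failures[client_ip]
    while recent and now - recent[0] > WINDOW_SECONDS:
        recent.popleft()            # forget failures outside the window
    if len(recent) >= MAX_FAILURES:
        return "Too many attempts; try again later"   # constructed message
    # Always run the comparison, against an empty secret for unknown users,
    # so the unknown-user and wrong-password paths take the same time.
    expected = USERS.get(username, "")
    ok = hmac.compare_digest(expected.encode(), password.encode()) and username in USERS
    if not ok:
        recent.append(now)
        return MSG_GENERIC
    return "OK"

def leaks_username_existence(login, *extra):
    """Check for the advisory's flaw: does a wrong password for a known user
    get a different reply than a wrong password for an unknown user?"""
    return login("siteowner", "wrongpw", *extra) != login("nobody", "wrongpw", *extra)
```

The `now` parameter exists only so the one-hour window can be exercised deterministically; in a real handler it would be omitted.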
ADDITIONAL INFORMATION
The information has been provided by <mailto:salper@pcworld.com.tr> Ahmet
Sabri ALPER.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
========================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.