WARNING! Fake news / Uwaga! Nota nieprawdziwa

JBoss AS Administrative Console Password Disclosure

2013.06.07
Credit: amroot
Risk: High
Local: Yes
Remote: No
CWE: CWE-255


Ogólna skala CVSS: 6/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 6.8/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Jednorazowa
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

Product: Embedded Jopr - JBoss AS Administration Console Vendor: Red Hat Middleware, LLC Version: < 1.2 Tested Version: 1.2 Vendor Notified Date: May 29, 2013 Release Date: June 03, 2013 Risk: Moderate Authentication: Required Remote: Yes Description: Passwords submitted to the application are returned in clear form in later responses from the application. Although the password field is masked, it is visible via the page source regardless of SSL. This behavior increases the risk that passwords will be captured by an attacker. Specifically, this can be leveraged to pivot and gain access to configured databases by viewing the page source or using browser tools such as "inspect element" in chrome and firefox. Successful exploitation of this vulnerability results in taking complete control of database servers. Exploit steps for proof-of-concept: 1. Navigate to: JBossAS Servers> JBoss AS> Resources> Datasources 2. Select Datasource 3. View page source 4. Find input type="password" 5. "value=" will contain the database password. 6. Dump database. Vendor Notified: Yes Vendor Response: Does not consider this to be an exploitable security flaw due to type authenticated. Reference: CVE-2013-3734 http://www.halock.com/blog/cve-2013-3734-jboss-administration-console-password-returned-response/ amroot.com

Referencje:

http://www.halock.com/blog/cve-2013-3734-jboss-administration-console-password-returned-response/


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top