CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.848 suffers from a user enumeration vulnerability.
cc0c55ccdb42fd51d11a4b01419284a4bc4b629d40b00b2b4ccebe57d7de4456Exploit Title : CWP (CentOS Control Web Panel) User enumerate through HTTP response time
Date : 15 Jul 2019
Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak
Vendor Homepage : https://control-webpanel.com/
Software Link : Not available, user panel only available for lastest version
Version : 0.9.8.848
Tested on : CentOS 7.6.1810 (Core) FireFox 68.0.1 (64-bit)
CVE-Number : CVE-2019-13599
Reference : https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13599.md
# Description
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times
# PoC
1. Login with valid user and invalid password, the server response time is about 250ms
2. Login with an invalid user and invalid password, the server response time is about 180ms
*The response time are also depend on the network speed. but however, when we log in with valid and invalid username, the response time will be different
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed