Catapulta I.W. Edition suffers from login enumeration, brute force, and insufficient anti-automation vulnerabilities.
64bb8471e293f2b2b1eee94fa6acdb89c6be37ca276ecf609a8e0e9362703610Hello list!
These are Login Enumeration, Brute Force and Insufficient Anti-automation
vulnerabilities in Catapulta I.W. Edition.
This is commercial CMS. It's used at web site of one presidential contender
in Ukraine (the elections were last Sunday), where I found these
vulnerabilities at 28.01.2014. This politic never cared about security of
his web site and his site was hacked in 2009, so no surprise he used
vulnerable CMS this year too and still haven't fixed holes - as these ones,
as many others. There are many interesting Information Leakage
vulnerabilities at that web site, but as I found they are related to site
configuration or non-default CMS configuration and are not present at other
sites on Catapulta.
-------------------------
Affected products:
-------------------------
Vulnerable are all versions of Catapulta I.W. Edition.
-------------------------
Affected vendors:
-------------------------
Pula Design - developer of Catapulta.
http://pula.com.ua
----------
Details:
----------
Login Enumeration (WASC-42):
http://site/admin/login.php
Different answers allow to enumerate logins in the system.
Brute Force (WASC-11):
http://site/admin/login.php
There is no protection from Brute Force attacks.
Insufficient Anti-automation (WASC-21):
In contact form (http://site/messageadmin.html) there is no protection
against automated attacks.
------------
Timeline:
------------
2014.02.28 - announced at my site.
2014.03.07 - informed developers. Ignored.
2014.05.30 - disclosed at my site (http://websecurity.com.ua/7033/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed