what you don't know can hurt you

Collaboration Compliance And Quality Management Platform 9.1.1.5482 Disclosure

Collaboration Compliance And Quality Management Platform 9.1.1.5482 Disclosure
Posted Oct 3, 2018
Authored by Tobias Huppertz

Collaboration Compliance and Quality Management Platform versions 9.1.1.5482 and below suffer from a password disclosure vulnerability.

tags | exploit
advisories | CVE-2018-17871
MD5 | 8c2c144527683a6ee8c113de96b6ad60

Collaboration Compliance And Quality Management Platform 9.1.1.5482 Disclosure

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Advisory ID: SYSS-2018-023
Product: Collaboration Compliance and Quality Management Platform
Manufacturer: Verint Verba
Affected Version(s): <= 9.1.1.5482
Tested Version(s): 9.1.1.5482
Vulnerability Type: Improper Access Control (CWE-284)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2018-08-29
Solution Date: 2018-08-31
Public Disclosure: 2018-10-02
CVE Reference: CVE-2018-17871
Author of Advisory: Tobias Huppertz, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

Collaboration Compliance and Quality Management Platform is a product
to record and play calls with VoIP-telephons including Skype, messages
and video. The permission management works with different roles and
groups. So member can just play their own calls and investigators can
also play calls of other users.

The manufacturer describes the product as follows (see [1]):

"Verint Essential Workforce Optimization offers advanced automation to
get the most from your workforce. Our software and services can
enhance the efficiency of your employees and processes, and enable you
to share workforce intelligence in real-time across your
business. Mid-market contact centers, back-office operations, branch
operations and financial trading rooms can rely on Verint Essential
Workforce Optimization to capture and store interactions, heighten
quality, ensure compliance and help manage the availability and
performance of employees in targeted areas of their businesses."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

At the page "Change Configuration Settings" the user can see the
configuration. Passwords are obfuscated by dot operator, but the
server delivers passwords in plaintext. By editing the html source
code in the browser the password fields can be modified to edit fields
and the passwords gets visible.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

A logged in user can see configured passwords in plaintext. Access the page
"Change Configuration Settings", start the Developer Tools (Internet Explorer
11: key F12). Modify the password type from type='password' to type='edit'
fields and the passwords are visible in plaintext. For example "Key File
Password" (server certificate) and "Database Password" (SQL Server).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

Install the new version, which was published by the vendor [2].

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2018-08-16: Vulnerability discovered
2018-08-30: Vulnerability reported to manufacturer
2018-08-30: Vulnerability confirmed by manufacturer
2018-08-31: Update released by manufacturer
2018-10-01: CVE number assigned
2018-10-02: Public disclosure of vulnerability

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Collaboration Compliance and Quality Management Platform
https://www.verba.com/solutions/compliance-recording-collaboration/#Skype-for-Business
[2] Verba 9.2 Release Notes (build 9.2.2.5549) - RI-016911
https://releases.verba.com/?v=9.2
[3] SySS Security Advisory SYSS-2018-023
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-023.txt
[4] SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Tobias Huppertz of SySS GmbH.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory
may be updated in order to provide as accurate information as
possible. The latest version of this security advisory is available on
the SySS Web site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE8ufGpZlQhO161g3U7b4m5xTqWHYFAluzWdUACgkQ7b4m5xTq
WHYCTA//Rl8Js5tfiRLh1kGo3K9iSZG/xYF14cQZdmE8Qe9kfuaZJ0qOZ4xfBYx6
XBEbZx/2isr9oJoeJAWKWwtRrH+OX4hjXh1SeGTdHLtikz9VD7bCz3bDibbU8NGJ
SQ3mHsnoAbxJu3xBoM4Rue4h2QHFKZlbJz8LUnS2dkOgzdyEXieuo35lGoED70OX
7+Z9dmC0B/OOf2WCV7iRj+UMeZKU2jlT3qVa8lnB+OOoShJr5hvIBJPHOX3q45tt
XA/sdojCvx+tt56z9a2Jup6AykJxcf/OKdLoUFSoZwRsoryamnxyXF7XRaqDqtHE
vztP71b9HBL2S/nQaZHb1ItHQB3cLKMuj1JEFaCTe4cToiYLZaRfdJl0nPVnSbxY
TJxXdsjJdumob5zS6JV+25mOtVSRDs5wXNketKqzm65J2Vcx5iQVol2930xiC/IF
YsaEvpIoha6H27YEETQoTQHeomVov5rm8Pov0K5Pnh1cvbTAhh6WnRAZrtnk8Ev+
rEXgovggev7E3IQwy5NFe61hbJFG9Cy7rOxK2RCAYvvGnkwsGOG45fzIiXPf1/WN
LXRIz95WBs+fjhHnRnHsBXdr7z8d9WXC1pk+cdaZBllZJ4VI/qpB6LmMe+5VRq5B
jr+oIGyGlpTYOMoVN89peB5+Uv5BM2tjEBUOiuYv0VqZeaT+QJU=
=1M8m
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close