exploit the possibilities

Jalios JCMS 10 Backdoor Account / Authentication Bypass

Jalios JCMS 10 Backdoor Account / Authentication Bypass
Posted Nov 20, 2019
Authored by Ricardo Jose Ruiz Fernandez

Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account using any username and a specific password.

tags | advisory
advisories | CVE-2019-19033
MD5 | 2866d3bb09b1a6dcf2a958dfb5af0d02

Jalios JCMS 10 Backdoor Account / Authentication Bypass

Change Mirror Download
I. VULNERABILITY
-------------------------
Jalios JCMS 10 allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account using any username and an specific password.


II. CVE REFERENCE
-------------------------
CVE-2019-19033


III. VENDOR
-------------------------
Jalios (https://www.jalios.com/jcms/j_6/en/home)


IV. TIMELINE
-------------------------
08/11/19 - Vulnerability discovered
09/11/19 - Vendor contacted
14/11/19 - Vendor fixes the vulnerability


V. DESCRIPTION
-------------------------
The "webdav" folder uses HTTP authentication which can be bypassed using the backdoor account. This allows to get access to the website as the administrator and then create more administrator users, change passwords of any username, delete usernames, create groups, download the list of all the users (with email addresses, phone numbers, full names ...). It is also possible to upload or overwrite any file in the WebDAV server. The "webdav" folder is located by default in the root of the website. This is caused by a vulnerable version of the "DevTools" plugin, installed by default.


VI. IMPACT
-------------------------
CVSS 10.0(AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H))


VII. SOLUTION
-------------------------
Possible solutions:
- Disable the DevToolsAuthenticationHandler
- Disable or uninstall the DevTools plugin.
- Upgrade DevTools plugin to version 7.1 or 8.1


VIII. REFERENCES
-------------------------
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19033


IX. CREDIT
-------------------------
Ricardo José Ruiz Fernández (@ricardojoserf)

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    15 Files
  • 4
    Apr 4th
    5 Files
  • 5
    Apr 5th
    5 Files
  • 6
    Apr 6th
    27 Files
  • 7
    Apr 7th
    31 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close