| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Apr 2010 23:34:07 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <bugtraq@...urityfocus.com> Subject: Vulnerabilities in TAK cms Hello Bugtraq! I want to warn you about security vulnerabilities in TAK cms. It's Ukrainian commercial CMS. ----------------------------- Advisory: Vulnerabilities in TAK cms ----------------------------- URL: http://websecurity.com.ua/4050/ ----------------------------- Timeline: 04.02.2009 - found vulnerabilities. 30.09.2009 - informed owners of web sites where I found these vulnerabilities. Taking into account, that I didn't find any contact data of developer of TAK cms, then I hope, that owners of that site informed him about these vulnerabilities. This is one of those cases with commercial CMS, where developers didn't leave any contact data and there is no information about them in Internet. 19.03.2010 - disclosed at my site. ----------------------------- Details: These are Insufficient Anti-automation and Brute Force vulnerabilities. Insufficient Anti-automation: http://site/about/contacts/ http://site/register/getpassword/ At these pages there is not protection from automated requests (captcha). Brute Force: http://site/auth/ http://site/admin/ In login forms there is no protection from Brute Force attacks. Vulnerable are all versions of TAK cms. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
Powered by blists - more mailing lists