lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 23 Jun 2018 17:41:08 -0400
From: Kevin R <krandall2013@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2018-12103

 > [Suggested description]
> An issue was discovered on D-Link DIR-890L A2 devices.
> Due to the predictability of the /docs/captcha_(number).jpeg URI,
> being local to the network, but unauthenticated to the administrator's
> panel, an attacker can disclose the CAPTCHAs used by the access point
> and can elect to load the CAPTCHA of their choosing, leading to
> unauthorized login attempts to the access point.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Incorrect Access Control
>
> ------------------------------------------
>
> [Vendor of Product]
> D-Link
>
> ------------------------------------------
>
> [Affected Product Code Base]
> DIR-890L - A2
>
> ------------------------------------------
>
> [Affected Component]
> Due to the predictability in the /docs/captcha_(number).jpeg while
> loading the CAPTCHA, an attacker can change the CAPTCHA to load and
> can load the same CAPTCHA each time.
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [CVE Impact Other]
> Predictability of CAPTCHA resulting in unauthorized login attempts to the
access point
>
> ------------------------------------------
>
> [Attack Vectors]
> An attacker must be local to the network but unauthenticated to the
administrator's panel.
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Kevin Randall

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ