lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201407221139.s6MBdlrH022382@sf01web3.securityfocus.com>
Date: Tue, 22 Jul 2014 11:39:47 GMT
From: audit1@...ecure.com
To: bugtraq@...urityfocus.com
Subject: Web Login Bruteforce in Symantec Endpoint Protection Manager
 12.1.4023.4080

We discovered a vulnerability in the Symantec Endpoint Protection Manager web application.

Vulnerability Type: Login Bruteforce

Original Release: June 20, 2014

Discovered by: 
	Security Team - A2SECURE
	Artėm Tsvetkov	atsvetkov@...ecure.com 
	Sisco Barrera	sbarrera@...ecure.com 
	Andrea Bodei	abodei@...ecure.com 	

Products and affected versions:
	SYMANTEC ENDPOINT PROTECTION MANAGER 12.1.4023.4080

Company: A2SECURE - Espańa
A2Secure Website: http://www.a2secure.com
Vendor Website: http://www.symantec.com	
Application Website: http://www.symantec.com/endpoint-protection 


===========================
Background
===========================

Symantec Endpoint Protection is an endpoint security solution created through a layered approach to defense. With unique, layered technology, it detects and removes malware. Derived from Symantec’s global intelligence network, it enables faster scan, more accurate detection, and higher performance while utilizing fewer resources. With single management console, Symantec Endpoint Protection provides advance protection across multiple platforms both physical and virtual.


===========================
Vulnerability Details
===========================

Bruteforce attacks consist in an attacker configuring predetermined values, making requests to a server using those values, and then analyzing the response. For the sake of efficiency, an attacker may use a dictionary attack (with or without mutations) or a traditional brute-force attack (with given classes of characters e.g.: alphanumerical, special, case (in)sensitive). Considering a given method, number of tries, efficiency of the system which conducts the attack, and estimated efficiency of the system which is attacked the attacker is able to calculate approximately how long it will take to submit all chosen predetermined values. 

Symantec Endpoint Protection Manager web login should implement bruteforce protection, such as one-time tokens, account lockout, IP blacklist, or similar.
 

===========================
Proof of Concept
===========================

The user login form does not prevent automated login attempts using a CAPTCHA, and is therefore vulnerable to bruteforce attacks.


Domain:		https://localhost:8443
Method:		POST
Path:		/console/apps/sepm
Parameter:	SEPMPasswordField_5454179
Payload:	wordlist of passwords



===========================
Credits / Author
===========================

Artėm Tsvetkov
www.a2secure.com 



===========================
Disclaimer
===========================

All information is provided without warranty. The intent is to provide information to secure infrastructure and/or systems, not to be able to attack or damage. Therefore A2Secure shall not be liable for any direct or indirect damages that might be caused by using this information.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ