[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAM-upGpEUavA3FnETRjxuNaJgvhT_wDNBoZhga3+gEx07w_KLg@mail.gmail.com>
Date: Sat, 23 Jun 2018 17:41:08 -0400
From: Kevin R <krandall2013@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2018-12103
> [Suggested description]
> An issue was discovered on D-Link DIR-890L A2 devices.
> Due to the predictability of the /docs/captcha_(number).jpeg URI,
> being local to the network, but unauthenticated to the administrator's
> panel, an attacker can disclose the CAPTCHAs used by the access point
> and can elect to load the CAPTCHA of their choosing, leading to
> unauthorized login attempts to the access point.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Incorrect Access Control
>
> ------------------------------------------
>
> [Vendor of Product]
> D-Link
>
> ------------------------------------------
>
> [Affected Product Code Base]
> DIR-890L - A2
>
> ------------------------------------------
>
> [Affected Component]
> Due to the predictability in the /docs/captcha_(number).jpeg while
> loading the CAPTCHA, an attacker can change the CAPTCHA to load and
> can load the same CAPTCHA each time.
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [CVE Impact Other]
> Predictability of CAPTCHA resulting in unauthorized login attempts to the
access point
>
> ------------------------------------------
>
> [Attack Vectors]
> An attacker must be local to the network but unauthenticated to the
administrator's panel.
>
> ------------------------------------------
>
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
>
> ------------------------------------------
>
> [Discoverer]
> Kevin Randall
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists