Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
mconnect/bruteforce
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
29 lines (22 sloc)
1.23 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Presentation: | |
| Security vulnerability: Brute Force Attack. | |
| Vulnerability Type: Broken Authentication. | |
| Affected Component: Affected function on user's logon. | |
| Software: mConnect MV. | |
| Versions: 02.001.00, 2013.1.6.8 (discontinued). | |
| Bussiness area: Health, Medicine. | |
| Describe the bug/issue: | |
| Information disclosure in Logon Page of MV mConnect application v02.001.00 and 2013.1.6.8 allows an attacker to know valid users from the application's database via | |
| a brute force attack. | |
| Have you searched the internet or Github for an answer? | |
| Yes. | |
| To Reproduce: | |
| Enumeration - Create a list of usernames, which can be acquired over the internet and launch a word list attack against the vulnerable application, entering any invalid password. Note that for valid | |
| users, the application returns "invalid password". For invalid users, the application returns "invalid user". | |
| The differences between the responses of the application allows a hacker to know valid users of the system and proced to the next level, a password brute force attack over | |
| only valid users. | |
| Expected behavior: | |
| Application should return a neutral response, not informing if a user exists or not, nor if the password is invalid or not. | |
| Bug Fix: | |
| No bug fix. Discontinued software. | |
| CVE ID: CVE-2020-23283 |