CVE-2021-46366: Credential Bruteforce Attack via CSRF + Open Redirect in Magnolia CMS

An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

Convincing a user to access the malicious CSRF HTML page

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
Magnolia CMS - CVE-2021-46366.pdf		Magnolia CMS - CVE-2021-46366.pdf
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2021-46366: Credential Bruteforce Attack via CSRF + Open Redirect in Magnolia CMS

Vendor Disclosure:

Requirements:

Proof Of Concept:

About

mbadanoiu/CVE-2021-46366

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-46366: Credential Bruteforce Attack via CSRF + Open Redirect in Magnolia CMS

Vendor Disclosure:

Requirements:

Proof Of Concept:

About

Topics

Resources

Stars

Watchers

Forks