Admin Panel, Exposure of Password Hashes, CVE-XXX (Medium)


How the mentioned CVE works:

The vulnerability resides in the user account management section of an admin panel. Any user granted read access can view the password hashes of all accounts, including administrative users. The hashes are not rendered visibly on the page, but they are embedded in the HTML source: when a user profile is opened (for example the admin profile at its specific URL), the hash is present in the page source and matches the hash stored in backend files such as admin.yaml. The hashing algorithm is bcrypt. An attacker with read privileges can extract these hashes from the source and attempt to recover the plaintext passwords with offline cracking tools; successfully cracking an admin hash results in full privilege escalation. The attack requires only initial read access, which may be granted to low-privileged users. The root cause is improper control over sensitive data: confidential authentication material is exposed to users who should never see it.

DailyCVE form:

Platform: Admin Panel
Version: Not specified
Vulnerability: Exposure of password hashes
Severity: Medium
Date: 2024-07-24

Prediction: Patch date TBD

What Undercode Says:

Analytics:

curl -s http://127.0.0.1/admin/accounts/users/admin | grep -o 'password_hash="[^"]*"'

hashcat -m 3200 hash.txt wordlist.txt

john --format=bcrypt hashfile

How to Exploit:

Gain read access.

Login to admin panel.

Navigate to user management.

View page source.

Extract password hashes.

Crack bcrypt hash.

Use cracked password.

Login as admin.

Protection from this CVE:

Remove hash exposure.

Implement proper authorization.

Store hashes securely.

Use stronger algorithms.

Audit access controls.
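The leak described above and the first two protections (remove the exposure, make the view render only what the reader is authorized to see) in working form, as an added Python example that is not the panel's own code: a hypothetical profile renderer that dumps the whole record into hidden inputs, the allow-list version that fixes it, and a defensive scan of a response body for bcrypt-formatted strings. The record, field names and hash value are constructed for illustration.

```python
import re
from html import escape

# Constructed sample record, shaped like what an admin panel might load from
# a backend file such as admin.yaml. The hash is a placeholder in bcrypt's
# "$2b$<cost>$<22-char salt><31-char digest>" layout, not a real credential.
ADMIN_RECORD = {
    "username": "admin",
    "role": "administrator",
    "password_hash": "$2b$12$" + "A" * 53,
}

# Fields the profile page actually needs. Anything not listed never reaches
# the template, so a column added to the record later cannot leak by default.
PROFILE_PUBLIC_FIELDS = ("username", "role")

# bcrypt modular-crypt format: $2a/$2b/$2x/$2y, two-digit cost, 53 base64 chars.
BCRYPT_RE = re.compile(r"\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}")


def _hidden_inputs(fields):
    return "".join(
        f'<input type="hidden" name="{escape(k)}" value="{escape(str(v))}">'
        for k, v in fields.items()
    )


def render_profile_vulnerable(record):
    """The bug: the whole record is serialised into hidden form inputs, so the
    hash is absent from the visible page but present in the HTML source."""
    return f"<form>{_hidden_inputs(record)}<p>User: {escape(record['username'])}</p></form>"


def render_profile_fixed(record):
    """The fix: project the record onto an allow-list before rendering."""
    view = {k: record[k] for k in PROFILE_PUBLIC_FIELDS if k in record}
    return f"<form>{_hidden_inputs(view)}<p>User: {escape(view['username'])}</p></form>"


def find_exposed_hashes(html):
    """Defensive check: scan a response body (from a test client or a crawl of
    your own panel) for bcrypt-formatted strings that should never be served."""
    return BCRYPT_RE.findall(html)


if __name__ == "__main__":
    print("vulnerable:", find_exposed_hashes(render_profile_vulnerable(ADMIN_RECORD)))
    print("fixed:", find_exposed_hashes(render_profile_fixed(ADMIN_RECORD)))
```

Running find_exposed_hashes against every page of the panel from a low-privileged test account is a cheap regression check for the "Remove hash exposure" item.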

Impact:

Privilege escalation possible.

Admin panel compromise.

System integrity loss.

Data confidentiality breach.


Sources:

Reported By: github.com