Tomedo Server 安全漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1785299 漏洞类型 其他
发布时间 2019-10-17 更新时间 2019-12-27
CVE编号 CVE-2019-17393 CNNVD-ID CNNVD-201910-1125
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019100115
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201910-1125
|漏洞详情
Tomedo Server 1.7.3版本中存在安全漏洞。攻击者可利用该漏洞获取用户凭证。
|漏洞EXP
Affected software: Tomedo Server 1.7.3
Vulnerability type: Cleartext Transmission of Sensitive Information & Weak Cryptography for Passwords
Vulnerable version: Tomedo Server 1.7.3
Vulnerable component: Customer Tomedo Server that communicates with Vendor Tomedo Update Server
Vendor report confidence: Confirmed
Fixed version: Version later then 1.7.3
Vendor notification: 20/09/19
Solution date: 25/09/19
CVE reference: CVE-2019-17393
CVSS Score: 3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 
Credits: Chris Hein, ProSec GmbH
Communication Timeline: 
20th September 2019 Initial contact - no response
25th September second contact attempt
28th September Vendor responded and released an update
14th October fulldisclosure 

Vulnerability Details:
The Customer’s Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors.
Basic authentication is used for the authentication what’s makes it possible to base64 decode the sniffed credentials and get hold of the username and password.

Proof of concept:
Capture the traffic between the Tomedo servers via a proxy or a MITM attack and base64 decode the credentials from the HTTP GET request.
|参考资料

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/154873/Tomedo-Server-1.7.3-Information-Disclosure-Weak-Cryptography.html