PT-2019-12439 · Honeypress · Honeypress

Publicado

2019-05-01

Atualizado

2020-08-24

CVE-2019-11633

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions HoneyPress versions prior to 2016-09-27

Description The issue allows attackers to fingerprint HoneyPress due to unique hostnames within the fake WordPress templates, specifically www.atxsec.com and ayylmao.wpengine.com. This enables attackers to discover and avoid the honeypot system.

Recommendations For versions prior to 2016-09-27, consider modifying the fake WordPress templates to remove the unique hostnames, such as www.atxsec.com and ayylmao.wpengine.com, to prevent fingerprinting.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2019-11633

Produtos afetados

Honeypress

PT-2019-12439 · Honeypress · Honeypress

CVE-2019-11633

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3