PT-2019-4353 · Centos · Centos Web Panel

Narin Boonwasanarak

Publicado

2019-07-15

Atualizado

2023-01-24

CVE-2019-13383

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions CentOS Web Panel version 0.9.8.846

Description The issue is related to the login process in CentOS Web Panel, which allows attackers to determine whether a username is valid by analyzing the HTTP response. This is due to a lack of protection for internal data. An attacker could exploit this to reveal protected information.

Recommendations For version 0.9.8.846, as a temporary workaround, consider restricting access to the login process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Side Channel Attack

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-203

Identificadores relacionados

BDU:2020-00073

CVE-2019-13383

Produtos afetados

Centos Web Panel

PT-2019-4353 · Centos · Centos Web Panel

CVE-2019-13383

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10