PT-2018-15327 · Photorange · Photorange Photo Vault

Benjamin K.M

Published

2018-12-23

Updated

2020-08-24

CVE-2018-20371

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PhotoRange Photo Vault version 1.2

Description The issue allows remote attackers to bypass intended GET restrictions via a brute-force approach. This is because the password is appended to the URI for authorization. For example, attackers can use "GET /login.html passwd1" and "GET /login.html passwd2" and so on to bypass restrictions.

Recommendations For PhotoRange Photo Vault version 1.2, consider modifying the authorization mechanism to prevent passwords from being appended to the URI, thereby preventing brute-force attacks. As a temporary workaround, restrict access to the login endpoint to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-20371

Affected Products

Photorange Photo Vault

PT-2018-15327 · Photorange · Photorange Photo Vault

CVE-2018-20371

Weakness Enumeration

Related Identifiers

Affected Products

References · 3