PT-2019-12439 · Honeypress · Honeypress

Published

2019-05-01

Updated

2020-08-24

CVE-2019-11633

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions HoneyPress versions prior to 2016-09-27

Description The issue allows attackers to fingerprint HoneyPress due to unique hostnames within the fake WordPress templates, specifically www.atxsec.com and ayylmao.wpengine.com. This enables attackers to discover and avoid the honeypot system.

Recommendations For versions prior to 2016-09-27, consider modifying the fake WordPress templates to remove the unique hostnames, such as www.atxsec.com and ayylmao.wpengine.com, to prevent fingerprinting.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2019-11633

Affected Products

Honeypress

PT-2019-12439 · Honeypress · Honeypress

CVE-2019-11633

Weakness Enumeration

Related Identifiers

Affected Products

References · 3