PT-2019-4354 · Centos · Centos Web Panel
Pongtorn Angsuchotmetee · Published 2019-07-15 · Updated 2023-01-24 · CVE-2019-13605
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
CentOS Web Panel versions 0.9.8.838 through 0.9.8.846
Description
A weakness in the authentication procedure of CentOS Web Panel allows remote attackers to bypass authentication in the login process by leveraging knowledge of a valid username. To do so, the attacker must defeat a specific encoding that is not equivalent to base64. This can potentially allow a remote attacker to elevate their privileges.
Recommendations
For versions 0.9.8.838 through 0.9.8.846, consider temporarily restricting access to the login process until a patch is available. As a mitigation measure, restrict access to the CentOS Web Panel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Authentication
IDOR
Related Identifiers
Affected Products
Centos Web Panel