CA UniCenter Management Portal Username Enumeration Vulnerability

2004-09-27T00:00:00
ID SECURITYVULNS:DOC:6853
Type securityvulns
Reporter Securityvulns
Modified 2004-09-27T00:00:00

Description

CA UniCenter Management Portal Username Enumeration Vulnerability

Package: CA UniCenter Management Portal Vendor Web Site: http://www.ca.com Versions: UniCenter Management Portal 2.0 and 3.1 Platform: Windows Local: No Remote: Yes Fix Available: Yes Advisory Author: Thomas Adams (tgadams@bellsouth.net)

Background: >From www.ca.com: "Unicenter Management Portal provides intuitive access to enterprise management >information,offering a personalized web interface for various Unicenter management solutions. Security and >administrative control are provided through pre-defined workplaces. Filtered event notifications can be >customized to suit individual roles and responsibilities, for personalized views tailored to your users' unique >needs." The portal provides a forgot password link, that does not give a proper response for an invalid user. Using a script, an attacker can quickly find users that have access to the web interface using the technique below. This will help facilitate brute force attacks against the server.

Exploit: Connect to the management portal(default 8080). Choose the 'Forgot your Password?' option. Enter a username, such as test. If the test account does not exists, the following will be displayed: "User not found: test" A legit account will produce a "Password has been sent" or "Email address not Found" message.

Vendor Response: CAs recommendation was to disable the 'Forgot Password' feature. To isable this option in the Portal, add the following line to the [PORTAL_INSTALL]\properties\local.properties file.

show.passwords.in.api=false

You will need to restart the portal after manually editing the file.