[Description]
Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Marketing platform that allows you to create cutting-edge websites and optimize your digital customers' experiences fully across multiple channels. Kentico saves you time and resources so you can accomplish more. (Copy from Kentico homepage.)
[Suggested description]
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time.
------------------------------------------
[Additional Information]
The application should not return the cleartext credential to the browser. Another workaround is to limit the number of people authorized to access the application with a high-privilege account.
Discovery and report - 28 Dec 2018.
Vendor response - 3 Jan 2019.
CVE ID was assigned - 12 Jan 2019.
Public - 15 Jan 2019.
------------------------------------------
[VulnerabilityType Other]
Credential disclosure
------------------------------------------
[Vendor of Product]
Kentico
------------------------------------------
[Affected Product Code Base]
Kentico - v10.0.42
------------------------------------------
[Affected Component]
SMTP configuration page
------------------------------------------
[Attack Type]
Local
------------------------------------------
[Attack Type Other]
An attacker who has global administrator privileges can view the plaintext SMTP password and send phishing email to victims.
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
We found that an attacker who has global administrator privileges is authorized to modify SMTP properties, and the server responds with the current SMTP credentials, which are stored in the HTML DOM. This could allow a malicious administrator (probably a compromised account) to view the current SMTP credentials and use them to relay email through that SMTP server.
1. Log in as administrator.
2. Go to SMTP configuration page.
3. Click "Email".
4. View source "SMTP Password".
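The fix the Additional Information section asks for (never send the stored SMTP credential back to the browser), as an added Python example; this is not Kentico's code, and SmtpSettings, render_form, apply_form and leaks_secret are constructed stand-ins for a settings page and its save handler. The weak variant that echoes the stored value into the input's value attribute, which is what the steps above expose via view-source, is shown beside the hardened form that sends only a sentinel, plus a regression check a reviewer can run over the rendered page.

```python
"""Settings-page pattern: a stored secret must never be echoed into the HTML the client receives."""
from dataclasses import dataclass, replace
from html import escape


@dataclass(frozen=True)
class SmtpSettings:
    """Constructed stand-in for the server-side SMTP settings store (not Kentico's API)."""
    host: str
    username: str
    password: str  # stored secret; must never reach the browser


# Sentinel the form carries when the operator leaves the password field untouched.
UNCHANGED = "********"


def render_form_leaky(settings: SmtpSettings) -> str:
    """The weak pattern from the report: the stored password is written into the
    input's value attribute, so it is readable in the page source / DOM."""
    return f'<input name="password" type="password" value="{escape(settings.password)}">'


def render_form(settings: SmtpSettings) -> str:
    """Hardened rendering: only the sentinel is sent, so the page source never
    contains the real credential. Non-secret fields are HTML-escaped as usual."""
    return (
        f'<input name="host" value="{escape(settings.host)}">\n'
        f'<input name="username" value="{escape(settings.username)}">\n'
        f'<input name="password" type="password" value="{UNCHANGED}">'
    )


def apply_form(current: SmtpSettings, form: dict) -> SmtpSettings:
    """Save handler: a sentinel or empty password field keeps the existing secret,
    anything else replaces it. (Clearing the password would need an explicit control.)"""
    submitted = form.get("password", UNCHANGED)
    new_password = current.password if submitted in (UNCHANGED, "") else submitted
    return replace(current,
                   host=form.get("host", current.host),
                   username=form.get("username", current.username),
                   password=new_password)


def leaks_secret(html: str, settings: SmtpSettings) -> bool:
    """Regression check for review/CI: is the stored password present in the rendered
    page, either raw or in its HTML-escaped attribute form?"""
    candidates = {settings.password, escape(settings.password)}
    return any(c and c in html for c in candidates)
```

The check is deliberately run against both renderers so that reintroducing the echo fails the test rather than being caught only by someone reading the page source.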
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Pavaris Jintanapramoth