harold_flood

CVE-2020-17494

Nov 10th, 2020 (edited)
[CVEID]
CVE-2020-17494
------------------------------------------
[Suggested description] [PROBLEM TYPE]
Untangle Firewall NG before 16.0 uses MD5 for passwords.
------------------------------------------

[Additional Information] [DESCRIPTION]
Untangle Firewall NG stores passwords using the outdated and
cryptographically insecure MD5 hash algorithm. The default Untangle
Firewall NG backup procedure stores the configuration backup as a
passwordless zip file on a Google Cloud account, and the file containing
the hash is present in that backup, so attackers who are able to
compromise the Google Cloud account can compromise the firewall through
this vulnerability. Furthermore, exposing the firewall web control panel
and SSH connections to the internet, although not the default, is an
option, and such exposed firewalls can be found through the internet.
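As an added illustration (not code from Untangle or from this advisory), the following Python contrasts the weak storage pattern the advisory describes, a bare MD5 digest of the password, with a salted, iterated PBKDF2-HMAC hash, and includes a check a defender can run over a backup to flag accounts still stored in the legacy 32-hex-character MD5 format. The function names, record layout, iteration count and sample records are assumptions.

```python
import hashlib
import hmac
import os
import re
from typing import Optional

# Weak pattern, modelled on what the advisory describes: a bare, unsalted
# MD5 digest. Anyone holding a copy of the backup can test guesses against
# it offline at very high speed, and identical passwords give identical hashes.
def store_password_md5(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Hardened form (assumed replacement, not Untangle's code): a random per-user
# salt plus an iterated, deliberately slow key-derivation function.
PBKDF2_ITERATIONS = 600_000

def store_password_pbkdf2(password: str, salt: Optional[bytes] = None) -> str:
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_pbkdf2(password: str, stored: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # legacy or malformed record: never treat it as a match
    _, iterations, salt_hex, digest_hex = parts
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison so a mismatch does not leak through timing.
    return hmac.compare_digest(digest.hex(), digest_hex)

# Defender-side check for a configuration backup: a bare 32-character hex
# string in the password field is the legacy MD5 format and should be rotated.
_MD5_HEX = re.compile(r"^[0-9a-f]{32}$")

def is_legacy_md5_hash(stored: str) -> bool:
    return bool(_MD5_HEX.match(stored.strip().lower()))

def find_legacy_accounts(backup_users: list) -> list:
    """Return the usernames whose stored hash is still a bare MD5 digest."""
    return [u["username"] for u in backup_users
            if is_legacy_md5_hash(u["password_hash"])]

# Constructed sample backup records (assumed layout, not a real Untangle backup).
SAMPLE_BACKUP_USERS = [
    {"username": "admin", "password_hash": store_password_md5("example-password")},
    {"username": "auditor",
     "password_hash": store_password_pbkdf2("example-password", salt=b"\x01" * 16)},
]
```

Running `find_legacy_accounts(SAMPLE_BACKUP_USERS)` on the constructed records flags only `admin`, the account whose hash is a bare MD5 digest.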

------------------------------------------

[VulnerabilityType Other]
Untangle Firewall NG stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm.

------------------------------------------

[Vendor of Product]
Untangle Firewall NG, https://www.untangle.com

------------------------------------------

[Affected Product Code Base] [PRODUCT] [VERSION]
Untangle Firewall NG - < 16.0

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[CVE Impact Other]
Admin access to the firewall web control panel and SSH

------------------------------------------

[Attack Vectors]
Access to the default configuration backups of the firewall on Google Cloud, or local access to the hash.
https://github.com/untangle/ngfw_src/blob/1d232efe2c17a8838b59bbbeaf166dafa94676af/uvm/hier/usr/share/untangle/web/auth/index.py
https://wiki.untangle.com/index.php/Configuration_Backup
https://www.shodan.io/search?query=src%3D%22%2Fimages%2FBrandingLogo.png%22
https://www.untangle.com

------------------------------------------

[Reference]
https://github.com/untangle/ngfw_src/blob/1d232efe2c17a8838b59bbbeaf166dafa94676af/uvm/hier/usr/share/untangle/web/auth/index.py#L196-L200
https://github.com/untangle/ngfw_src/search?q=author%3Abmastbergen+committer-date%3A2020-08-10&type=commits
https://pastebin.com/s7UYG3vX

------------------------------------------

[Discoverer]
Harold Luiz Palazzini Cardozo