API tools faq
paste
Advertisement
harold_flood

CVE-2020-17494

harold_flood
Nov 10th, 2020 (edited)
4,600
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.30 KB | None | 0 0
raw download clone embed print report
  1. [CVEID]
  2. CVE-2020-17494
  3. ------------------------------------------
  4. [Suggested description] [PROBLEM TYPE]
  5. Untangle Firewall NG before 16.0 uses MD5 for passwords.
  6. ------------------------------------------
  7.  
  8. [Additional Information] [DESCRIPTION]
  9. Untangle Firewall NG stores passwords using the rather outdated and
  10. cryptographically insecure MD5 hash algorithm. Untangle Firewall NG
  11. default backup procedure is storing the configuration backup on a
  12. passwordless zip on a google cloud account, on which the file with the
  13. hash is present, allowing attackers who are able to compromise the
  14. google cloud account to compromise the firewall through this
  15. vulnerability. Furthermore, enabling firewall web control panel and
  16. SSH connections even though is not default, is a option and can be
  17. found through the internet.
  18.  
  19. ------------------------------------------
  20.  
  21. [VulnerabilityType Other]
  22. Untangle Firewall NG stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm
  23.  
  24. ------------------------------------------
  25.  
  26. [Vendor of Product]
  27. Untangle Firewall NG, https://www.untangle.com
  28.  
  29. ------------------------------------------
  30.  
  31. [Affected Product Code Base] [PRODUCT] [VERSION]
  32. Untangle Firewall NG - < 16.0
  33.  
  34. ------------------------------------------
  35.  
  36. [Attack Type]
  37. Remote
  38.  
  39. ------------------------------------------
  40.  
  41. [CVE Impact Other]
  42. Admin access to the firewall web control panel and SSH
  43.  
  44. ------------------------------------------
  45.  
  46. [Attack Vectors]
  47. Access to the default configuration backups of the firewall on a google cloud or local access to the hash.
  48. https://github.com/untangle/ngfw_src/blob/1d232efe2c17a8838b59bbbeaf166dafa94676af/uvm/hier/usr/share/untangle/web/auth/index.py
  49. https://wiki.untangle.com/index.php/Configuration_Backup
  50. https://www.shodan.io/search?query=src%3D%22%2Fimages%2FBrandingLogo.png%22
  51. https://www.untangle.com
  52.  
  53. ------------------------------------------
  54.  
  55. [Reference]
  56. https://github.com/untangle/ngfw_src/blob/1d232efe2c17a8838b59bbbeaf166dafa94676af/uvm/hier/usr/share/untangle/web/auth/index.py#L196-L200
  57. https://github.com/untangle/ngfw_src/search?q=author%3Abmastbergen+committer-date%3A2020-08-10&type=commits
  58. https://pastebin.com/s7UYG3vX
  59.  
  60. ------------------------------------------
  61.  
  62. [Discoverer]
  63. Harold Luiz Palazzini Cardozo
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!