H4cKr1337

CVE-2025-25595 - FULL DISCLOSURE

Mar 17th, 2025 (edited)
CVE ASSIGNED: CVE-2025-25595
CVE PUBLISHED STATE: PUBLISHED
CVE LINK: https://nvd.nist.gov/vuln/detail/CVE-2025-25595

Description:
The login page of Safe App version a3.0.9 lacks rate-limiting controls, allowing attackers to perform unlimited authentication attempts via brute force attacks. This vulnerability enables potential unauthorized access to user accounts through automated password guessing.

Impact:
- Account compromise through brute force
- Unauthorized access to user data
- Escalation of privileges
- Privacy violations
- Service degradation from automated attacks

Attack Scenario:
1. Attacker targets login endpoint: https://kiwi.safe-analytics.in/account/login/?next=/
2. Login requests are captured and automated using tools like Burp Suite/scripts
3. Multiple password attempts can be made without restriction
4. Valid credentials are eventually discovered
5. Attacker gains unauthorized account access

Technical Details:
- Vulnerability Type: Insecure Permissions
- CWE Classification: CWE-307 (Improper Restriction of Excessive Authentication Attempts)
- Attack Type: Remote
- Affected Version: a3.0.9
- Affected Component: Login API endpoint (Safe App - a3.0.9)
- Impact: Escalation of Privileges

Affected Products:
- Safe App (Android): https://play.google.com/store/apps/details?id=com.iitb.cse.arkenstone.safe_v2
- Safe Web Application: https://safe.cse.iitb.ac.in/

Vendor Information:
IIT Bombay Synergy CSE Department
https://www.cse.iitb.ac.in/synerg/

Proof of Concept:
1. Navigate to https://kiwi.safe-analytics.in/account/login/?next=/
2. Capture login request in Burp Suite
3. Configure Intruder with password wordlist
4. Execute brute force attack
5. Observe unlimited login attempts allowed
6. PoC: https://ibb.co/chmhTVQV

References:
- CVE-2023-37635
- https://nvd.nist.gov/vuln/detail/CVE-2023-37635
- https://www.esecforte.com/cve-2023-37635-login-bruteforce/

Severity: High

Fix:
- Implement rate limiting on authentication endpoints
- Add account lockout after failed attempts
- Implement CAPTCHA or similar challenge mechanisms
- Add IP-based request throttling
- Monitor and alert on brute force attempts
- Implement secure session management
- Use strong password policies
- Enable multi-factor authentication
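As an added example (not code from the vendor or from this disclosure), a framework-agnostic Python helper that implements the first, second, fourth and fifth items of the fix list above for a login endpoint such as the one described: a sliding-window per-IP throttle, a temporary per-account lockout after consecutive failures, and an event record that a monitoring pipeline can alert on. The limits, window lengths and the 203.0.113.x sample address are assumptions.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Throttle for a login endpoint (CWE-307 mitigation; assumed design, not the vendor's).
    - per-IP sliding window: at most ip_limit attempts per ip_window seconds
    - per-account lockout for lockout seconds after acct_limit consecutive failures
    - every block decision and lockout is appended to self.events for monitoring/alerting
    """

    def __init__(self, ip_limit=20, ip_window=60, acct_limit=5, lockout=900):
        self.ip_limit, self.ip_window = ip_limit, ip_window
        self.acct_limit, self.lockout = acct_limit, lockout
        self._ip_hits = defaultdict(deque)   # ip -> timestamps of recent attempts
        self._failures = defaultdict(int)    # username -> consecutive failures
        self._locked_until = {}              # username -> unlock timestamp
        self.events = []                     # (timestamp, reason, subject)

    def check(self, ip, username, now=None):
        """Call before verifying credentials. Returns (allowed, reason)."""
        now = time.time() if now is None else now
        if now < self._locked_until.get(username, 0):
            self.events.append((now, "account_locked", username))
            return False, "account_locked"
        hits = self._ip_hits[ip]
        while hits and now - hits[0] >= self.ip_window:  # drop attempts outside the window
            hits.popleft()
        if len(hits) >= self.ip_limit:
            self.events.append((now, "ip_throttled", ip))
            return False, "ip_throttled"
        hits.append(now)  # count every attempt, whether or not the password turns out right
        return True, "ok"

    def record_result(self, username, success, now=None):
        """Call after the credential check with its outcome."""
        now = time.time() if now is None else now
        if success:
            self._failures.pop(username, None)
            self._locked_until.pop(username, None)
            return
        self._failures[username] += 1
        if self._failures[username] >= self.acct_limit:
            # Lockout is time-bounded so repeated failures cannot permanently lock out a victim.
            self._failures[username] = 0
            self._locked_until[username] = now + self.lockout
            self.events.append((now, "lockout_set", username))
```

Wire `check()` in front of the password verification and `record_result()` behind it; the per-IP window limits bulk guessing from one source, while the per-account lockout catches guessing spread across many addresses.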

Discoverer:
Ishwar Kumar