Red Hat Piranha Password Change Vulnerability

vendor:

Piranha

by:

SecurityFocus

7.5

CVSS

HIGH

Insecure Password Change

259

CWE

Product Name: Piranha

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2000

Red Hat Piranha Password Change Vulnerability

Red Hat Piranha is vulnerable to an insecure password change vulnerability. When a user submits a password change, the new password is passed as a variable in a GET request. This means that the new password can be obtained by reading the httpd access log or by sniffing the network traffic.

Mitigation:

Ensure that passwords are not passed as variables in GET requests. Use POST requests instead.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1367/info

Password changes submitted to Red Hat Piranha via HTTP are insecurely passed as variables in a GET request. Unauthorized users could obtain the password by reading the httpd access log or by sniffing.

---------[from /etc/httpd/logs/access_log]-----------
...
127.0.0.1 - piranha [19/May/2000:14:00:48 +0200] "GET
/piranha/secure/passwd.php3?try1=xxx&try2=xxx&passwd=ACCEPT HTTP/1.0" 200
3120
127.0.0.1 - piranha [19/May/2000:14:01:03 +0200] "GET
/piranha/secure/passwd.php3?try1=yyy&try2=yyy&passwd=ACCEPT HTTP/1.0" 200
3120
127.0.0.1 - piranha [19/May/2000:20:58:50 +0200] "GET
/piranha/secure/passwd.php3?try1=arkth&try2=arkth&passwd=ACCEPT
HTTP/1.0" 200 3120
...