-
Bug
-
Resolution: Not an issue
-
Critical
-
None
-
6.0
-
None
-
all the environments
It is observed that Magnolia Author, login page can be accessed externally for the websites, which uses Magnolia CMS in backend to manage the content. Once accessible, the same login page can be brute forced by attackers to get into the system and perform delete, modify, deface etc. It can be done in case the website is using default credentials e.g. superuser, eric, peter (which are available publicly).
Steps: 1. Access any website which uses Magnolia CMS in backend.
Step: 2. take any url which resolve to any magnolia page, and craft a request with OPTION method.
Step .3. As in the backend OPTION method will be disable, and user will get a 403 error. But along with this error, the response page will contain Magnolia login form.
Step 4. Enter valid credentials , or brute force.
Step 5. If success, will allow to access Magnolia from public facing resource.