[MAGNOLIA-7707] Login Console accessible publicly Created: 15/Jan/20 Updated: 21/Jan/20 Resolved: 21/Jan/20 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | admininterface |
| Affects Version/s: | 6.0 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Critical |
| Reporter: | Vineet Mishra | Assignee: | Mercedes Iruela |
| Resolution: | Not an issue | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: | all the environments |
| Template: | |
| Acceptance criteria: | Empty |
| Task DoD: |
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ] Architecture Decision Record (ADR)
|
| Bug DoR: |
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
|
| Date of First Response: |
| Description |
|
It is observed that the Magnolia Author login page can be accessed externally for websites which use Magnolia CMS in the backend to manage the content. Once accessible, the same login page can be brute forced by attackers to get into the system and perform delete, modify, deface, etc. It can be done in case the website is using default credentials, e.g. superuser, eric, peter (which are available publicly).

Steps:
1. Access any website which uses Magnolia CMS in the backend.
2. Take any URL which resolves to any Magnolia page, and craft a request with the OPTION method.
3. As in the backend the OPTION method will be disabled, the user will get a 403 error. But along with this error, the response page will contain the Magnolia login form.
4. Enter valid credentials, or brute force.
5. If successful, it will allow access to Magnolia from a public-facing resource.
|
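The report's concern is that an exposed login form can be brute forced with well-known default usernames. The following is an added example (not code from the Magnolia project or from this issue) of the detection a defender would run on the author instance's access or audit logs: it counts failed logins per source IP in a sliding window, raises an alert once a threshold is crossed, and separately flags a later successful login from an IP that was already flagged. The log line format and the sample lines are constructed for this example and are not Magnolia's own format.

```python
"""
Brute-force login detection over login audit lines (added example, not from
the Magnolia project). Log format is a constructed, hypothetical one:
    <ISO timestamp> <client IP> <username> <FAIL|OK>
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines: one source cycling through default usernames,
# one legitimate user with a single typo, then a late success from the first IP.
SAMPLE_LOG = """\
2020-01-15T10:00:01 203.0.113.7 superuser FAIL
2020-01-15T10:00:02 203.0.113.7 eric FAIL
2020-01-15T10:00:03 203.0.113.7 peter FAIL
2020-01-15T10:00:04 203.0.113.7 superuser FAIL
2020-01-15T10:00:05 203.0.113.7 superuser FAIL
2020-01-15T10:00:06 203.0.113.7 admin FAIL
2020-01-15T10:00:30 198.51.100.9 editor FAIL
2020-01-15T10:00:40 198.51.100.9 editor OK
2020-01-15T10:09:00 203.0.113.7 superuser OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|OK)$")


def parse_line(line):
    """Parse one constructed log line; return (ts, ip, user, result) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, user, result = m.groups()
    return datetime.fromisoformat(ts), ip, user, result


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return a list of alert dicts.

    - "bruteforce": an IP reached `threshold` failed logins inside `window`
      (reported once per IP, with the distinct usernames tried).
    - "success_after_bruteforce": a later successful login from an IP that was
      already flagged, which is the event worth paging on.
    """
    failures = defaultdict(deque)  # ip -> deque of (ts, user) within window
    flagged = set()
    alerts = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue  # skip malformed lines rather than crash the detector
        ts, ip, user, result = parsed
        q = failures[ip]
        # Drop failures that fell out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if result == "FAIL":
            q.append((ts, user))
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({
                    "kind": "bruteforce",
                    "ip": ip,
                    "fails": len(q),
                    "users": sorted({u for _, u in q}),
                    "at": ts.isoformat(),
                })
        elif ip in flagged:
            alerts.append({
                "kind": "success_after_bruteforce",
                "ip": ip,
                "user": user,
                "at": ts.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The threshold and window are deliberately parameters: a public-facing login form with known default usernames justifies a low threshold, and the "success after brute force" alert is the one that should trigger a credential reset, since a single failed attempt from a legitimate user (the second IP above) produces no alert at all.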
| Comments |
| Comment by Mercedes Iruela [ 15/Jan/20 ] |
|
Hi Vineet, Regards, |