CVE-2019-13605
published 2019-07-16


Priority: P269 (high)
CVSS 3.0: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Exploit: flagged
EPSS: 15.31% (96.4th percentile)
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.

Affected (1 range)

Vendor: control-webpanel
Product: webpanel
Version range:
Fixed in:

Detection & IOCs (extracted from sources)

  • Authentication bypass in CWP versions 0.9.8.838 to 0.9.8.846 is achieved by manipulating the HTTP response body token value during login — an attacker logs in with a valid username and invalid password, then replaces the token value in the HTTP response body with a previously captured valid token to gain access.
  • For CVE-2019-13360 (related predecessor), the authentication bypass token pattern in the HTTP response body uses the format: ||//theme/original with the username embedded, encoded in base64.
  • Monitor for CWP login attempts where the HTTP response body token is tampered — specifically where a valid session token from one account is replayed during authentication of another account (token replay in response body).
  • CVE-2019-13605 affects CentOS Web Panel versions 0.9.8.838 through 0.9.8.846 only; CVE-2019-13360 covers the earlier 0.9.8.836–0.9.8.837 range and uses a different (base64) encoding mechanism.
  • The exact token/response value format varies by version; defenders should account for version-specific token formats when building detection signatures.

CVSS provenance

NVD v3.0: 8.8 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
NVD v2.0: 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P)