CVE-2019-13605
Published 2019-07-16
Priority: P2 (69) · Severity: high · CVSS 3.0 base score: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available (see references)
EPSS: 15.31% (96.4th percentile)
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| control-webpanel | webpanel | 0.9.8.838 to 0.9.8.846 (per the description) | not stated |
Detection & IOCs (extracted from sources)
- Authentication bypass in CWP 0.9.8.838 to 0.9.8.846 is achieved by tampering with the token value in the HTTP response body during login: the attacker submits a valid username with an invalid password, intercepts the server's response in a proxy, and replaces the token with a valid one (for example a previously captured token), after which the panel treats the session as authenticated.
- For the related predecessor CVE-2019-13360, the token in the login response has the form ||//theme/original with the username embedded as base64. In 0.9.8.838 and later the username is wrapped in a different, non-base64 encoding that the attacker must defeat, which is why this CVE is tracked separately.
- The response-body tampering happens on the attacker's side, so the server never observes it directly. Detection should instead correlate a failed login for a username (valid user, wrong password) with an immediately following authenticated request for that account whose token was not issued by a successful login (token replay).
- CVE-2019-13605 covers CentOS Web Panel 0.9.8.838 through 0.9.8.846 only; CVE-2019-13360 covers the earlier 0.9.8.836 and 0.9.8.837 builds and their base64 encoding.
- The exact token/response value format varies by version, so detection signatures must account for version-specific formats rather than matching one fixed string.
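The two points above (the username-only token of the predecessor CVE, and the server-side trace a replayed token leaves) as an added worked example. This is illustrative code written for this page, not CentOS Web Panel code and not from the cited exploit. Assumptions not taken from the page: the event shapes in `Event` and `sample_events()` are constructed and are not CWP's real log format; the decoder assumes the base64 username precedes the `||//theme/original` separator, which is the CVE-2019-13360 form, since the page does not specify the CVE-2019-13605 encoding.

```python
import base64
import binascii
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Suffix of the login-response token as given for CVE-2019-13360. Placing the
# base64 username before the separator is an assumption of this example.
THEME_SUFFIX = "||//theme/original"


def decode_13360_token(body: str) -> Optional[str]:
    """Return the username a CVE-2019-13360-style response token carries,
    or None when the body is not 'base64(username)||//theme/original'.

    A token that is only an encoding of the username carries no secret,
    which is what makes forging it trivial. CVE-2019-13605 uses a different
    encoding the sources do not specify, so this decoder covers 13360 only."""
    if not body.endswith(THEME_SUFFIX):
        return None
    encoded = body[: -len(THEME_SUFFIX)]
    try:
        return base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


@dataclass
class Event:
    """One constructed server-side event (not CWP's real log format)."""
    ts: int            # seconds since an arbitrary epoch
    kind: str          # "login_failed", "login_ok" or "request"
    user: str          # account the event concerns
    token: str = ""    # token issued (login_ok) or presented (request)


def find_token_replays(events: List[Event],
                       window: int = 60) -> List[Tuple[int, str, str, bool]]:
    """Flag authenticated requests whose token was not issued to that user by
    a successful login. Returns (ts, user, reason, failed_login_within_window).

    The response tampering in this CVE happens in the attacker's proxy, so
    the only server-side trace is the request that follows: a user who just
    failed a login presents a token the server never issued to them."""
    issued = {}     # token -> user it was issued to by a successful login
    last_fail = {}  # user -> ts of the most recent failed login
    alerts = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "login_failed":
            last_fail[e.user] = e.ts
        elif e.kind == "login_ok":
            issued[e.token] = e.user
        elif e.kind == "request":
            owner = issued.get(e.token)
            if owner == e.user:
                continue  # token was issued to this user: legitimate
            reason = ("token never issued" if owner is None
                      else f"token issued to {owner}")
            recent_fail = (e.user in last_fail
                           and e.ts - last_fail[e.user] <= window)
            alerts.append((e.ts, e.user, reason, recent_fail))
    return alerts


def sample_events() -> List[Event]:
    """Constructed events: a normal login, a replay of admin's token right
    after a failed login as 'victim', a legitimate session, and a token the
    server never issued."""
    return [
        Event(10, "login_ok", "admin", "tokA"),
        Event(20, "login_failed", "victim"),
        Event(21, "request", "victim", "tokA"),   # replayed token -> alert
        Event(30, "login_ok", "bob", "tokB"),
        Event(31, "request", "bob", "tokB"),      # legitimate -> no alert
        Event(40, "request", "alice", "tokX"),    # never issued -> alert
    ]


if __name__ == "__main__":
    forged = base64.b64encode(b"admin").decode() + THEME_SUFFIX
    print("13360-style token decodes to:", decode_13360_token(forged))
    for alert in find_token_replays(sample_events()):
        print("ALERT", alert)
```

The `failed_login_within_window` flag is what separates this CVE's pattern (wrong password, then a token for the same account) from ordinary token misuse; a real deployment would key the correlation on the panel's actual login and access logs and on the version-specific token format noted above.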
CVSS provenance
- NVD, CVSS v3.0: 8.8 HIGH, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v2.0: 6.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html
- https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13605.md
- https://www.exploit-db.com/exploits/47123