CVE-2020-5777
Published 2020-09-01 · CVE-2020-5777: MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection…
Priority P181 · critical · 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public template available (see Nuclei below)
EPSS: 23.90% (97.5th percentile)
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting max_connections (default 151) is lower than Apache (or another web server) setting MaxRequestWorkers (formerly MaxClients) (default 256). This can be done by sending at least 151 simultaneous requests to the Magento website to trigger a "Too many connections" error, then use default magmi:magmi basic authentication to remotely bypass authentication.
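The fallback described above is a fail-open design (CWE-287): an infrastructure error, the database being unreachable, downgrades the credential check to a hard-coded pair instead of refusing the login. The Python model below is an added illustration for this page, not MAGMI's own magmi_auth.php; the credential store, the PBKDF2 hashing and the AuthResult outcomes are assumptions, and only the magmi:magmi pair comes from the advisory. It puts the fail-open check beside a fail-closed one that reports the outage as its own outcome so the caller can answer 503 rather than treat it as a password decision.

```python
"""Fail-open versus fail-closed credential checks, modelled in Python.

Added illustration for this page; it is NOT MAGMI's magmi_auth.php, only a
model of the behaviour the advisory describes: on a database connection
failure the vulnerable check accepts the built-in magmi:magmi pair.
"""
import hashlib
import hmac
import os
from enum import Enum


class DbUnavailable(Exception):
    """Raised when the credential store cannot be reached
    (models MySQL's 'Too many connections')."""


class AuthResult(Enum):
    OK = "ok"
    DENIED = "denied"
    UNAVAILABLE = "unavailable"   # caller should answer 503, not 401


DEFAULT_USER, DEFAULT_PASSWORD = "magmi", "magmi"   # default pair named in the advisory


def _verify(record, password):
    """Constant-time comparison of a PBKDF2 digest (hashing scheme is assumed)."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)


def vulnerable_login(user, password, lookup):
    """Fail-open: a DB outage downgrades the check to the hard-coded pair."""
    try:
        record = lookup(user)
    except DbUnavailable:
        if (user, password) == (DEFAULT_USER, DEFAULT_PASSWORD):
            return AuthResult.OK          # the bypass: no store consulted at all
        return AuthResult.DENIED
    return AuthResult.OK if record and _verify(record, password) else AuthResult.DENIED


def hardened_login(user, password, lookup):
    """Fail-closed: no lookup, no login; the outage is a distinct outcome."""
    try:
        record = lookup(user)
    except DbUnavailable:
        return AuthResult.UNAVAILABLE
    if record is None or not _verify(record, password):
        return AuthResult.DENIED
    return AuthResult.OK


def make_record(password):
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed credential store and a switch that simulates the outage.
STORE = {"admin": make_record("correct horse battery staple")}
DB_DOWN = {"flag": False}


def lookup(user):
    if DB_DOWN["flag"]:
        raise DbUnavailable("Too many connections")
    return STORE.get(user)


if __name__ == "__main__":
    DB_DOWN["flag"] = True
    print("vulnerable:", vulnerable_login("magmi", "magmi", lookup).value)   # ok
    print("hardened:  ", hardened_login("magmi", "magmi", lookup).value)     # unavailable
```

With the store up, neither check accepts magmi:magmi, because no such record exists; the difference only appears once the store is down, which is exactly the state the connection flood produces.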
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dweeves | magmi | >= 0 < 0.7.24 | 0.7.24 |
| magmi_project | magmi | < 0.7.24 | 0.7.24 |
| magmi_project | magmi | — | — |
Detection & IOCs (extracted from sources)
- Trigger condition: an HTTP 503 response whose body contains the string "Too many connections" indicates that MySQL's max_connections limit is saturated, which is the state in which MAGMI falls back to accepting its default credentials.
- Attack sequence: send at least 151 simultaneous requests to exhaust MySQL max_connections (default 151) while Apache still has MaxRequestWorkers (default 256) workers available, then authenticate to MAGMI over HTTP Basic Auth with the default pair magmi:magmi.
- Exposure hunting: the Shodan queries http.component:"Magento" or http.component:"magento" enumerate internet-exposed Magento instances that may be running a vulnerable MAGMI plugin.
- Code location: the fallback is at line 35 of magmi_auth.php; review or monitor that file for acceptance of hard-coded default credentials on a DB connection failure.
- Precondition: the DB-exhaustion step only works when MySQL max_connections is lower than Apache MaxRequestWorkers. If max_connections >= MaxRequestWorkers, each web worker holds at most one DB connection, so the web tier runs out of workers before MySQL runs out of connections. This assumes the web tier is the only significant client of that MySQL instance; cron jobs, replication or admin sessions that hold connections lower the number of requests an attacker needs.
- Apache versions prior to 2.4.10 shipped a default MaxRequestWorkers of 150, below MySQL's default max_connections of 151, so those older Apache versions are not exposed to this particular path unless the limit was raised.
- A Magento 2 fork of MAGMI also exists and is equally affected; it did not receive the fix shipped in the original MAGMI 0.7.24 release.
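The two items above that matter for defenders are the precondition (max_connections versus MaxRequestWorkers) and the observable sequence (a 5xx burst followed by an authenticated MAGMI request). The Python below is an added example for this page, not code from MAGMI, Apache or MySQL: it models the precondition with the counts the advisory gives, then runs a detector over a constructed Apache combined-format log excerpt. The /magmi/ path prefix, the burst threshold, the 30-second window and the log lines themselves are assumptions; the one solid anchor is that Apache writes the HTTP Basic-auth user name into the %u field, which is what the detector keys on.

```python
"""Precondition model and access-log detector for the CVE-2020-5777 sequence.

Added illustration for this page, not code from MAGMI, Apache or MySQL.  The
log excerpt, the /magmi/ path prefix, the burst threshold and the window are
constructed assumptions.
"""
import re
from collections import deque
from datetime import datetime, timedelta, timezone

# Apache "combined" log prefix; %u (third field) is the HTTP Basic-auth user.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def bypass_path_reachable(mysql_max_connections, web_max_request_workers, other_db_clients=0):
    """Return (reachable, flood_size).

    Each web worker holds at most one MySQL connection, so the web tier can hold
    at most web_max_request_workers of them.  MySQL refuses the connection that
    would exceed max_connections, so an attacker must keep
    max_connections - other_db_clients requests in flight and still find one
    more worker free for the MAGMI login itself.
    """
    flood = mysql_max_connections - other_db_clients
    return flood + 1 <= web_max_request_workers, flood


def detect_bypass_sequence(log_lines, burst_threshold=20,
                           window=timedelta(seconds=30), magmi_prefix="/magmi/"):
    """Flag authenticated MAGMI requests that follow a burst of 5xx responses.

    Returns a list of (timestamp, client_ip, user, path).  Requiring a non-error
    status avoids matching the unverified %u Apache logs on a rejected 401.
    """
    recent_errors = deque()
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        status = int(m["status"])
        if status >= 500:
            recent_errors.append(ts)
        while recent_errors and ts - recent_errors[0] > window:
            recent_errors.popleft()        # drop errors outside the window
        if (m["path"].startswith(magmi_prefix) and m["user"] != "-"
                and status < 400 and len(recent_errors) >= burst_threshold):
            hits.append((ts, m["ip"], m["user"], m["path"]))
    return hits


def build_sample_log(flood_size=151):
    """Constructed access-log excerpt (not real traffic): a flood of 503s from
    one client, its Basic-auth login to MAGMI nine seconds later, and a benign
    login an hour on with no error burst before it."""
    base = datetime(2020, 9, 1, 12, 0, 0, tzinfo=timezone.utc)

    def stamp(delta):
        return (base + delta).strftime(TS_FMT)

    lines = [
        f'203.0.113.7 - - [{stamp(timedelta(milliseconds=50 * i))}] '
        f'"GET /index.php HTTP/1.1" 503 1024'
        for i in range(flood_size)
    ]
    lines.append(f'203.0.113.7 - magmi [{stamp(timedelta(seconds=9))}] '
                 f'"GET /magmi/web/magmi.php HTTP/1.1" 200 5120')
    lines.append(f'198.51.100.4 - magmi [{stamp(timedelta(hours=1))}] '
                 f'"GET /magmi/web/magmi.php HTTP/1.1" 200 5120')
    return lines


if __name__ == "__main__":
    print("defaults reachable:", bypass_path_reachable(151, 256))
    for hit in detect_bypass_sequence(build_sample_log()):
        print("possible CVE-2020-5777 bypass:", hit)
```

The other_db_clients parameter is the practical caveat to the "max_connections >= MaxRequestWorkers blocks it" rule: any connection held by something other than the web tier reduces the flood an attacker needs, so the comparison should be made against the connections actually left for web workers, not against the raw limit.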
CVSS provenance
NVD v3.1: 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD v2.0: 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
GHSA
Authentication bypass in MAGMI
ghsa · 2021-05-06 · CVE-2020-5777 [CRITICAL] CWE-287
Description text identical to the NVD entry above.
OSV
Authentication bypass in MAGMI
osv · 2021-05-06 · CVE-2020-5777 [CRITICAL]
Description text identical to the NVD entry above.
No detection rules found.
Nuclei
Magento Mass Importer <0.7.24 - Remote Auth Bypass
nuclei · CVSS 9.8 · CVE-2020-5777 [CRITICAL]
Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.
Template (as captured; cut off after the info block):
```yaml
id: CVE-2020-5777

info:
  name: Magento Mass Importer <0.7.24 - Remote Auth Bypass
  author: dwisiswant0
  severity: critical
  description: Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure.
  impact: |
    An attacker can bypass authentication and gain unauthorized access to the Magento Mass Importer plugin.
  remediation: |
    Upgrade to version 0.7.24 or later to fix the authentication bypass vulnerabili
```
Tenable
One Year Later: What Can We Learn from Zerologon?
blogs_tenable · 2021-08-11
Tenable
CVE-2020-5776, CVE-2020-5777: Multiple Vulnerabilities in the MAGMI Magento Mass Import Plugin
blogs_tenable · 2020-09-01 · CVSS 8.8 [HIGH]
Tenable
MAGMI Multiple Vulnerabilities
blogs_tenable · 2020-09-01