GHSA-rq42-58qf-v3qx

Source
https://github.com/advisories/GHSA-rq42-58qf-v3qx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-rq42-58qf-v3qx/GHSA-rq42-58qf-v3qx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rq42-58qf-v3qx
Aliases
Published
2023-11-17T21:38:42Z
Modified
2024-02-16T08:19:05.195170Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
LibreNMS vulnerable to rate limiting bypass on login page
Details

Summary

The application uses two login methods, and one of them uses a GET request for authentication. There is no rate limiting on the GET request, or the backend does not enforce it.

PoC

Go to /?username=admin&password=password&submit= and capture the request in Burp Suite Intruder. Add a payload marker at the password parameter value. Start the attack after adding your password list. We have added 74 passwords. Check the screenshot for more info.

Screenshot (2023-11-06 at 8:55:19 PM): https://user-images.githubusercontent.com/31764504/280905148-42274f1e-f869-4145-95b4-71c0bffde3a0.png

Impact

An attacker can brute-force user accounts. Using a GET request for authentication is also not recommended, because certain web servers log all requests, so old log files can also store victim user credentials.
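
A detection sketch for the two risks described above, added here as an example and not taken from LibreNMS or the advisory: it scans web access logs for GET requests that carry `username` and `password` in the query string (the parameter names from the PoC URL), counts them per client, and masks the password value. The combined log format, the sample lines and the threshold of 3 are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [06/Nov/2023:20:50:01 +0000] "GET /?username=admin&password=letmein&submit= HTTP/1.1" 200 5120
203.0.113.7 - - [06/Nov/2023:20:50:02 +0000] "GET /?username=admin&password=hunter2&submit= HTTP/1.1" 200 5120
203.0.113.7 - - [06/Nov/2023:20:50:02 +0000] "GET /?username=admin&password=qwerty&submit= HTTP/1.1" 200 5120
198.51.100.4 - - [06/Nov/2023:20:51:10 +0000] "GET /?username=alice&password=s3cret&submit= HTTP/1.1" 200 5120
198.51.100.4 - - [06/Nov/2023:20:51:11 +0000] "GET /overview HTTP/1.1" 200 9000
"""

# client address, method and request target from a combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
# password value inside a logged query string
SECRET_RE = re.compile(r'(password=)[^&\s"]*')


def scan(log_text, threshold=3):
    """Find GET logins with credentials in the URL.

    Returns (attempts per client, clients at or above threshold,
    matching lines with the password value masked).
    """
    attempts = Counter()
    redacted = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, method, target = m.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if method == "GET" and "username" in query and "password" in query:
            attempts[client] += 1
            # Mask the secret before the line is stored or forwarded anywhere.
            redacted.append(SECRET_RE.sub(r"\1[REDACTED]", line))
    flagged = sorted(c for c, n in attempts.items() if n >= threshold)
    return attempts, flagged, redacted


if __name__ == "__main__":
    counts, flagged, lines = scan(SAMPLE_LOG)
    print("attempts per client:", dict(counts))
    print("clients over threshold:", flagged)
    print(*lines, sep="\n")
```

Any hit at all means credentials have been written to the log, so the affected accounts' passwords should be rotated and the matching log lines scrubbed, independent of the per-client count.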

Database specific
{
    "nvd_published_at": "2023-11-17T22:15:07Z",
    "cwe_ids": [
        "CWE-307",
        "CWE-770"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-17T21:38:42Z"
}
References

Affected packages

Packagist / librenms/librenms

Package

Name
librenms/librenms
Purl
pkg:composer/librenms/librenms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
23.11.0

Affected versions

1.*

1.19
1.20
1.20.1
1.21
1.22
1.22.01
1.23
1.24
1.25
1.26
1.27
1.28
1.29
1.30
1.30.01
1.31
1.31.01
1.31.02
1.31.03
1.32
1.32.01
1.33
1.33.01
1.34
1.35
1.36
1.36.01
1.37
1.38
1.39
1.40
1.41
1.42
1.42.01
1.43
1.44
1.45
1.46
1.47
1.48
1.48.1
1.49
1.50
1.50.1
1.51
1.52
1.53
1.53.1
1.54
1.55
1.56
1.57
1.58
1.58.1
1.59
1.60
1.61
1.62
1.62.1
1.62.2
1.63
1.64
1.64.1
1.65
1.65.1
1.66
1.67
1.68
1.69
1.70.0
1.70.1

21.*

21.1.0
21.2.0
21.3.0
21.4.0
21.5.0
21.5.1
21.6.0
21.7.0
21.8.0
21.9.0
21.9.1
21.10.0
21.10.1
21.10.2
21.11.0
21.12.0
21.12.1

22.*

22.1.0
22.2.0
22.2.1
22.2.2
22.3.0
22.4.0
22.4.1
22.5.0
22.6.0
22.7.0
22.8.0
22.9.0
22.10.0
22.11.0
22.12.0

23.*

23.1.0
23.1.1
23.2.0
23.4.0
23.4.1
23.5.0
23.6.0
23.7.0
23.8.0
23.8.1
23.8.2
23.9.0
23.9.1
23.10.0