CVE-2022-44022
PwnDoc <= 0.5.3 - Username Enumeration via response timings
PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts.
Product | CVE | Owner | CVSSv3 Score | CWE |
---|---|---|---|---|
It is possible to enumerate users registered in PwnDoc (tested on 0.5.3 - 2022-07-19 and previous versions) by observing the web server's response timing. For example, suppose these users were registered on PwnDoc:
In a dictionary brute-force attack, a defined list of usernames is submitted via login POST requests and the server's response time is measured for each.
A potential attacker can discover all valid users by checking whether the response time to the login request is long; for non-existent users the response time is shorter.
The success of the attack depends highly on the stability of the server and of the Internet connection between hosts. In any case, as a remediation, it is advisable to add a timing delay to balance the response timing for each login request.
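One way to balance the login timing, as an added example that is not PwnDoc's code or its fix: it assumes the gap comes from password hashing being skipped for unknown usernames (the page does not state the cause), so it does equal hashing work on every path and can then apply a minimum-duration floor. The user store and the names `loginLeaky`, `loginBalanced`, `withMinDuration` and `kdfCost` are constructed, and scrypt stands in for whatever password hash the application uses.

```javascript
// Added example; users, passwords and function names are constructed.
const crypto = require('node:crypto');

let kdfCalls = 0; // demo instrumentation: counts expensive hash operations
function hashPassword(password, salt) {
  kdfCalls++;
  return crypto.scryptSync(password, salt, 32);
}

function makeUser(username, password) {
  const salt = crypto.randomBytes(16);
  return { username, salt, hash: hashPassword(password, salt) };
}

// Stand-in for the user database.
const USERS = new Map([['admin', makeUser('admin', 'S3cure!pass')]]);
// Throwaway credential, so unknown usernames cost the same KDF work.
const DUMMY = makeUser('__dummy__', crypto.randomBytes(16).toString('hex'));

// Leaky pattern: early return skips the KDF, so unknown users answer faster.
function loginLeaky(username, password) {
  const user = USERS.get(username);
  if (!user) return false;
  return crypto.timingSafeEqual(hashPassword(password, user.salt), user.hash);
}

// Balanced pattern: identical work on every path, one combined decision.
function loginBalanced(username, password) {
  const user = USERS.get(username);
  const record = user || DUMMY;
  const match = crypto.timingSafeEqual(hashPassword(password, record.salt), record.hash);
  return Boolean(user) && match;
}

// Optional floor on handler duration (the delay the advisory recommends).
async function withMinDuration(ms, fn) {
  const start = process.hrtime.bigint();
  const result = await fn();
  const elapsedMs = Number(process.hrtime.bigint() - start) / 1e6;
  if (elapsedMs < ms) await new Promise((r) => setTimeout(r, ms - elapsedMs));
  return result;
}

// Number of KDF runs a single login attempt triggers.
function kdfCost(loginFn, username, password) {
  kdfCalls = 0;
  loginFn(username, password);
  return kdfCalls;
}
```

A floor on its own only hides the difference when it exceeds the slowest path, which is why the example equalizes the work first and treats the floor as a second layer.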
CVSSv3 Score: 5.3 Medium