CVE-2022-44022

PwnDoc <= 0.5.3 - Username Enumeration via response timings


Last updated 1 year ago

CVE Detail

PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts.

Product: pwndoc
CVE: CVE-2022-44022
Owner: Lorenzo Anastasi
CVSSv3 Score: 5.3 Medium
CWE: CWE-307

Exploitation Steps

It is possible to enumerate users registered in PwnDoc (tested on 0.5.3 - 2022-07-19 and previous versions) by observing the web server's response timing. For example, let's suppose these users were registered on PwnDoc:

In a brute-force dictionary attack, a defined list of usernames is submitted via login POST requests and the server's response time to each is measured.

A potential attacker can discover all the valid users by checking whether the response time to the login request is long. For non-existent users, the response time is shorter.

The success of the attack depends highly on the stability of the server and of the Internet connection between the hosts. In any case, as a remediation, it is advisable to add a timing delay to balance the response timing for each login request.
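One way to balance login timing as the remediation above advises, shown as an added example that is not PwnDoc's code or its actual fix. It assumes the timing gap comes from hashing the password only when the user exists, and it equalizes the work with a decoy record rather than a fixed delay; the user store, `loginLeaky`, `loginBalanced` and `kdfCost` are hypothetical names, and the account is constructed sample data.

```javascript
const { scryptSync, randomBytes, timingSafeEqual } = require('crypto');

let kdfCalls = 0; // instrumentation only: counts expensive hash computations

function hashPassword(password, salt) {
  kdfCalls += 1;
  return scryptSync(password, salt, 32); // 32-byte derived key
}

function makeRecord(password) {
  const salt = randomBytes(16);
  return { salt, hash: hashPassword(password, salt) };
}

// Constructed sample user store (hypothetical account, not taken from PwnDoc).
const users = new Map([['admin', makeRecord('correct horse')]]);

// Decoy record checked when the username is unknown; its random password is discarded.
const decoy = makeRecord(randomBytes(32).toString('hex'));

// Leaky pattern (assumed cause): returns before hashing when the user is unknown,
// so known usernames answer measurably slower than unknown ones.
function loginLeaky(username, password) {
  const rec = users.get(username);
  if (!rec) return false;
  return timingSafeEqual(hashPassword(password, rec.salt), rec.hash);
}

// Balanced pattern: every attempt costs one KDF run and one constant-time compare,
// whether or not the username exists.
function loginBalanced(username, password) {
  const rec = users.get(username);
  const target = rec || decoy;
  const match = timingSafeEqual(hashPassword(password, target.salt), target.hash);
  return Boolean(rec) && match; // a decoy match can never authenticate
}

// Number of KDF runs a login function spends on one failed attempt.
function kdfCost(loginFn, username) {
  const before = kdfCalls;
  loginFn(username, 'wrong password');
  return kdfCalls - before;
}
```

Counting KDF runs instead of measuring wall-clock time keeps the comparison deterministic: the leaky path costs 1 run for a known user and 0 for an unknown one, while the balanced path costs 1 in both cases.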