CVE-2023-47312 – Headwind MDM Web panel 5.22.1 – Login Credential Leakage via Audit Entries - Boltonshield
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries.
Published CVE numbers:
https://www.cve.org/CVERecord?id=CVE-2023-47312
https://nvd.nist.gov/vuln/detail/CVE-2023-47312
The Audit plugin provides a detailed list of the web panel's operations. When a configuration is updated, the password that was set is stored in an audit entry and returned without being masked. Because of the missing permission control, lower-level users, who should not have access to the Audit plugin, can reach it.
Exploitation steps
Authentication: Required (low-level user access is enough)
- Due to CVE-2023-47316, even low-level users can access the Functions tab and the Audit menu item under this tab.
Accessible Audit function
- Users can retrieve all details belonging to the given log entry by clicking the search icon.
The password property contains the plaintext password of the given configuration
- Affected API call: /rest/plugins/audit/private/log/search (POST)
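On the mitigation side, secret-bearing properties should be masked before an audit entry is stored or returned. The following is an added example, not code from Headwind MDM or from the original advisory; the entry layout, the field names other than the password property, and the key list are assumptions made for illustration.

```python
import json

# Assumption: property names treated as secrets; only "password" is named on the page.
SENSITIVE_KEYS = {"password", "passwd", "secret", "token"}
MASK = "********"


def _is_sensitive(key):
    return any(s in key.lower() for s in SENSITIVE_KEYS)


def redact(value):
    """Return (copy of value with secrets masked, number of properties masked)."""
    if isinstance(value, dict):
        out, hits = {}, 0
        for k, v in value.items():
            if _is_sensitive(str(k)) and v not in (None, "", MASK):
                out[k], hits = MASK, hits + 1
            else:
                out[k], n = redact(v)
                hits += n
        return out, hits
    if isinstance(value, list):
        pairs = [redact(v) for v in value]
        return [p[0] for p in pairs], sum(p[1] for p in pairs)
    if isinstance(value, str) and value.lstrip()[:1] in ("{", "["):
        # An audit entry may keep the request body as a JSON-encoded string.
        try:
            inner, hits = redact(json.loads(value))
        except ValueError:
            return value, 0  # not JSON after all, leave untouched
        return (json.dumps(inner), hits) if hits else (value, 0)
    return value, 0


# Constructed sample entry; the layout is hypothetical, not Headwind MDM's schema.
SAMPLE_ENTRY = {
    "action": "configuration updated",
    "login": "admin",
    "payload": json.dumps(
        {"name": "Kiosk", "password": "S3cret!", "apps": [{"pkg": "a.b"}]}
    ),
}

if __name__ == "__main__":
    clean, hits = redact(SAMPLE_ENTRY)
    print(f"masked {hits} property(ies):", clean)
```

The same function can be run over already stored entries to count how many carry an unmasked password, which indicates the credentials that need rotating.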