CVE-2019-13599: CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.848 User Enumeration ≈ Packet Storm
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times.
Exploit Title : CWP (CentOS Control Web Panel) User enumeration through HTTP response time
Date : 15 Jul 2019
Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak
Vendor Homepage : https://control-webpanel.com/
Software Link : Not available, user panel only available for latest version
Version : 0.9.8.848
Tested on : CentOS 7.6.1810 (Core) FireFox 68.0.1 (64-bit)
CVE-Number : CVE-2019-13599
Reference : https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13599.md

# Description
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times.

# PoC
1. Log in with a valid user and an invalid password: the server response time is about 250ms.
2. Log in with an invalid user and an invalid password: the server response time is about 180ms.

*The response times also depend on network speed; however, logging in with a valid versus an invalid username produces different response times.
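Added example, not CWP's code (the panel's login code is not on this page): a simplified login in the pattern that produces this class of timing leak, an early return for unknown users before the expensive password hash, beside a constant-work variant that always runs the hash, with a timing check showing the difference disappear. All user names, passwords and parameters are constructed.

```python
# Why a login can leak usernames through response time, and how to fix it.
import hashlib
import hmac
import os
import time

def _hash(password: bytes, salt: bytes) -> bytes:
    # Deliberately slow KDF, as real logins use; cost dominates the request time
    return hashlib.pbkdf2_hmac("sha256", password, salt, 50_000)

# Constructed user table with one account
_SALT = os.urandom(16)
USERS = {"admin": (_SALT, _hash(b"correct horse", _SALT))}

# Dummy credential used to spend the same work when the user does not exist
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash(b"dummy", _DUMMY_SALT)

def login_leaky(username: str, password: str) -> bool:
    """Vulnerable pattern: unknown users return before the KDF runs,
    so a wrong password for a real user takes measurably longer."""
    rec = USERS.get(username)
    if rec is None:
        return False  # fast path: reveals the account does not exist
    salt, stored = rec
    return hmac.compare_digest(_hash(password.encode(), salt), stored)

def login_constant_work(username: str, password: str) -> bool:
    """Hardened pattern: always run the KDF (against a dummy record for an
    unknown user) and only then decide, so both branches cost the same."""
    rec = USERS.get(username)
    salt, stored = rec if rec is not None else (_DUMMY_SALT, _DUMMY_HASH)
    ok = hmac.compare_digest(_hash(password.encode(), salt), stored)
    return ok and rec is not None

def time_ratio(fn, valid="admin", invalid="nobody", rounds=5) -> float:
    """Median time of a valid-user/wrong-password attempt divided by that of
    an unknown-user attempt; close to 1.0 means no observable difference."""
    def med(user):
        ts = []
        for _ in range(rounds):
            t0 = time.perf_counter()
            fn(user, "wrong-password")
            ts.append(time.perf_counter() - t0)
        return sorted(ts)[len(ts) // 2]
    return med(valid) / med(invalid)

if __name__ == "__main__":
    print(f"leaky login ratio:         {time_ratio(login_leaky):.0f}x")
    print(f"constant-work login ratio: {time_ratio(login_constant_work):.2f}x")
```

Equalizing server-side work is the fix for the leak itself; a generic "invalid credentials" message and rate limiting on the login endpoint complement it.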