LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness
Title: LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness
Advisory ID: ZSL-2018-5451
Type: Local/Remote
Impact: Exposure of Sensitive Information
Risk: (2/5)
Release Date: 11.02.2018
7.7.3
7.7.2
7.7.1
7.6.4
7.6.2
7.5.1
7.4.2
7.1.1
Linux Ubuntu 16.04
Java 1.8.0_161
Apache-Coyote/1.1
Apache Tomcat/8.5.24
Apache Tomcat/8.5.13
Undisclosed 8.41
[30.01.2018] Vendor contacted.
[07.02.2018] No response from the vendor.
[08.02.2018] Vendor contacted again.
[10.02.2018] No response from the vendor.
[11.02.2018] Public security advisory released.
[2] https://packetstormsecurity.com/files/146353
[3] https://www.exploit-db.com/exploits/44019/
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/139088
[21.02.2018] - Added reference [1], [2], [3] and [4]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2018-5451
Type: Local/Remote
Impact: Exposure of Sensitive Information
Risk: (2/5)
Release Date: 11.02.2018
Summary
LogicalDOC is a free document management system that is designed to handle and share documents within an organization. LogicalDOC is a content repository, with Lucene indexing, Activiti workflow, and a set of automatic import procedures.Description
The weakness is caused due to the 'j_spring_security_check' script and how it verifies provided credentials. Attacker can use this weakness to enumerate valid users on the affected node.Vendor
LogicalDOC Srl - https://www.logicaldoc.comAffected Version
7.7.47.7.3
7.7.2
7.7.1
7.6.4
7.6.2
7.5.1
7.4.2
7.1.1
Tested On
Microsoft Windows 10Linux Ubuntu 16.04
Java 1.8.0_161
Apache-Coyote/1.1
Apache Tomcat/8.5.24
Apache Tomcat/8.5.13
Undisclosed 8.41
Vendor Status
[26.01.2018] Vulnerabilities discovered.[30.01.2018] Vendor contacted.
[07.02.2018] No response from the vendor.
[08.02.2018] Vendor contacted again.
[10.02.2018] No response from the vendor.
[11.02.2018] Public security advisory released.
PoC
logicaldoc_enum.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://cxsecurity.com/issue/WLB-2018020151[2] https://packetstormsecurity.com/files/146353
[3] https://www.exploit-db.com/exploits/44019/
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/139088
Changelog
[11.02.2018] - Initial release[21.02.2018] - Added reference [1], [2], [3] and [4]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk