Information Gathering / Admin Interface Identified

Web and API

Description

Admin interface identified is an information-gathering finding. It maps to CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor): the existence and location of the application's administrative interface is disclosed to someone who should not know it. An attacker typically locates the interface by guessing or brute-forcing common paths (such as /admin, /administrator or /manager), by following links or comments left in pages and scripts, or by reading robots.txt and error messages, and then attempts to enter it with default, guessed or brute-forced credentials. The OWASP Web Security Testing Guide (https://owasp.org/www-project-web-security-testing-guide/) covers this under "Enumerate Infrastructure and Application Admin Interfaces" and expects the interface to be properly secured and reachable only by the appropriate personnel.
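The discovery step described above, as an added example that is not part of the original page: a small prober that requests a list of common administrative paths and classifies each response (HTTP auth challenge, redirect to a login page, login form, or an admin UI served with no login at all). The path list, the hostname example.com and the canned responses in FAKE_SITE are constructed assumptions so that the script runs offline; http_fetch is a real standard-library fetcher for use against a host you are authorized to test.

```python
# Added example (not from the original page): probe a target for common
# administrative paths and classify each response, as a tester would do in the
# information-gathering phase. The path list, the hostname and the canned
# responses below are assumptions chosen for illustration.
from dataclasses import dataclass, field
from typing import Callable, Dict, List
from urllib.parse import urljoin, urlparse
import urllib.request
import urllib.error

# A short starter list; a real engagement uses a larger wordlist.
COMMON_ADMIN_PATHS = [
    "/admin", "/admin/", "/admin/login.php", "/administrator/",
    "/wp-admin/", "/manager/html", "/phpmyadmin/", "/console/",
]


@dataclass
class Response:
    status: int                      # 0 means the host could not be reached
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


Fetcher = Callable[[str], Response]


def classify(resp: Response) -> str:
    """Map a raw response to a finding category; 'absent' is the only non-finding."""
    if resp.status in (0, 404):
        return "absent"
    hdrs = {k.lower(): v for k, v in resp.headers.items()}
    if resp.status == 401 or "www-authenticate" in hdrs:
        return "present-http-auth"
    if resp.status in (301, 302, 303, 307, 308):
        return "present-redirect-to-login" if "login" in hdrs.get("location", "").lower() else "redirect"
    if resp.status == 403:
        return "present-forbidden"
    if resp.status == 200:
        low = resp.body.lower()
        if "<form" in low and "password" in low:
            return "present-login-form"
        return "present-open"        # 200 with no login form: admin UI reachable unauthenticated
    return f"other-{resp.status}"


def probe(base_url: str, fetch: Fetcher, paths: List[str] = COMMON_ADMIN_PATHS) -> Dict[str, str]:
    """Return {path: category} for every probed path that is not 'absent'."""
    findings: Dict[str, str] = {}
    for path in paths:
        category = classify(fetch(urljoin(base_url, path)))
        if category != "absent":
            findings[path] = category
    return findings


def http_fetch(url: str, timeout: float = 5.0) -> Response:
    """Live fetcher using only the standard library. Redirects are NOT followed,
    so a bounce to a login page is reported instead of being silently resolved."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None              # makes urllib raise HTTPError for 3xx
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "admin-probe/0.1"})
    try:
        with opener.open(req, timeout=timeout) as r:
            return Response(r.status, dict(r.headers), r.read(4096).decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return Response(e.code, dict(e.headers), e.read(4096).decode("utf-8", "replace"))
    except urllib.error.URLError:
        return Response(0)


# Constructed responses standing in for a target so the example runs offline.
FAKE_SITE = {
    "/admin/": Response(302, {"Location": "/admin/login.php"}),
    "/admin/login.php": Response(200, {}, "<form method='post'><input name='password'></form>"),
    "/phpmyadmin/": Response(200, {}, "<title>phpMyAdmin</title><table>...</table>"),
    "/manager/html": Response(401, {"WWW-Authenticate": 'Basic realm="Tomcat Manager Application"'}),
}


def fake_fetch(url: str) -> Response:
    return FAKE_SITE.get(urlparse(url).path, Response(404))


if __name__ == "__main__":
    # Swap fake_fetch for http_fetch to run against a real, authorized target.
    for path, category in probe("http://example.com", fake_fetch).items():
        print(f"{path:20s} {category}")
```

The "present-open" category is the one that turns an information-gathering finding into an immediate access-control problem: a 200 with no login form means the console is served to anyone who finds the path. A 403 or 401 still confirms the interface exists, which is why those are kept as findings rather than discarded.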

Risk

The direct risk is that an attacker who has located the interface goes on to gain unauthorized access to it, whether through default or weak credentials, a brute-force attack, or a flaw in the interface itself. Administrative consoles typically allow configuration changes, user management and, in many products, deployment of code or plugins, so access to one can mean control of the application and of the host it runs on. Even without a successful login, knowing that the interface exists gives the attacker a precise target for credential attacks and for any vulnerability in that component, and an exposed console can itself leak version information and other internal details. Unauthorized access to the administrative interface can therefore lead to information leakage, data tampering and full compromise of the system.

Solution

Mitigation has three parts. First, authentication and authorization: every request to the administrative interface must be authenticated and checked server-side against an administrative role, default or vendor accounts must be removed or re-credentialed, and administrator passwords must be strong and, where the product supports it, backed by multi-factor authentication. Second, exposure: limit who can reach the interface at all, for example by binding it to an internal address, a separate hostname or port, or an IP allowlist or VPN, so that it is not reachable from the public internet. Third, monitoring: log all access to the interface, alert on logins from unexpected sources and on repeated failures, rate-limit or lock out after a number of failed attempts, and block any unauthorized access as soon as it is detected.
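The monitoring called for above, as an added example that is not part of the original page: a detector run over Apache/nginx "combined"-format access log lines that raises an alert when the admin area is touched from outside the expected source range and when one source accumulates repeated failed logins within a short window. The admin path prefixes, the allowlisted VPN range 10.8.0.0/24, the window and threshold, and the SAMPLE_LOG lines are all constructed assumptions.

```python
# Added example (not from the original page): monitor web-server access logs for
# two things the solution text calls for, admin access from unexpected sources
# and credential brute-forcing against the admin login. Admin prefixes, the
# allowlisted range and the sample log lines are constructed assumptions.
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

ADMIN_PREFIXES = ("/admin", "/wp-admin", "/manager", "/phpmyadmin")
# Assumption: administrators only ever connect from the corporate VPN range.
ADMIN_ALLOWLIST = [ip_network("10.8.0.0/24")]

Alert = Tuple[str, str, str]   # (kind, source ip, detail)


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def is_admin_path(path: str) -> bool:
    return path.split("?", 1)[0].startswith(ADMIN_PREFIXES)


def analyse(lines: List[str], window: timedelta = timedelta(minutes=5), threshold: int = 5) -> List[Alert]:
    alerts: List[Alert] = []
    failures: Dict[str, List[datetime]] = defaultdict(list)  # ip -> recent failed-login times
    reported_sources = set()    # alert once per unexpected source, not once per request
    flagged_bruteforce = set()  # alert once per brute-forcing source
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_admin_path(rec["path"]):
            continue
        src = rec["ip"]
        if src not in reported_sources and not any(ip_address(src) in net for net in ADMIN_ALLOWLIST):
            reported_sources.add(src)
            alerts.append(("admin-from-unexpected-source", src, rec["path"]))
        # A failed login is a POST to the admin area answered with 401/403.
        if rec["method"] == "POST" and rec["status"] in (401, 403):
            recent = [t for t in failures[src] if rec["ts"] - t <= window] + [rec["ts"]]
            failures[src] = recent
            if len(recent) >= threshold and src not in flagged_bruteforce:
                flagged_bruteforce.add(src)
                alerts.append(("admin-login-bruteforce", src, f"{len(recent)} failures within {window}"))
    return alerts


# Constructed log lines: one legitimate admin visit from the VPN, five failed
# logins in a few seconds from one external address, one unrelated request,
# and one external probe of /wp-admin/.
SAMPLE_LOG = """\
10.8.0.5 - alice [10/Mar/2024:09:00:01 +0000] "GET /admin/ HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:09:01:10 +0000] "POST /admin/login.php HTTP/1.1" 401 312
203.0.113.7 - - [10/Mar/2024:09:01:11 +0000] "POST /admin/login.php HTTP/1.1" 401 312
203.0.113.7 - - [10/Mar/2024:09:01:12 +0000] "POST /admin/login.php HTTP/1.1" 401 312
203.0.113.7 - - [10/Mar/2024:09:01:13 +0000] "POST /admin/login.php HTTP/1.1" 401 312
203.0.113.7 - - [10/Mar/2024:09:01:14 +0000] "POST /admin/login.php HTTP/1.1" 401 312
198.51.100.9 - - [10/Mar/2024:09:30:00 +0000] "GET /index.html HTTP/1.1" 200 1024
192.0.2.44 - - [10/Mar/2024:09:31:00 +0000] "GET /wp-admin/ HTTP/1.1" 302 0
"""

if __name__ == "__main__":
    for kind, src, detail in analyse(SAMPLE_LOG.splitlines()):
        print(f"{kind:30s} {src:15s} {detail}")
```

The failure counter keeps only timestamps inside the sliding window, so a slow, spread-out guessing campaign below the threshold is not caught by this rule alone; in practice the unexpected-source alert covers that case, because any admin traffic from outside the allowlist is reported on its first request.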

Example

The following request, which this entry associates with CVE-2017-10241, illustrates a login attempt against an administrative interface using default credentials once the interface's location is known.

POST /admin/login.php HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
 
username=admin&password=default

Related incidents

  1. The 2017 MongoDB ransomware campaign, which wiped or held to ransom more than 26,000 databases, targeted instances exposed directly to the internet with no authentication enabled on the administrative database interface.
  2. In 2017, the US Department of Defense was breached due to the use of default credentials on the administrative interface.
  3. In 2018, the City of Atlanta was breached due to the lack of authentication and authorization on the administrative interface.
  4. In 2017, a vulnerability in the Adobe ColdFusion application's administrative interface allowed attackers to gain access to the application.
  5. In 2017, a vulnerability in the Oracle WebLogic application's administrative interface allowed attackers to gain access to the application.
