| Field | Value |
|---|---|
| Title | LogicalDOC Community 9.2.1 Improper Restriction of Excessive Authentication Attempts |
| Description | (full report text below) |

Summary

The admin login page of LogicalDOC v9.2.1 is susceptible to unauthenticated credential brute-force. An attacker can automate password guessing against the /login.jsp endpoint and distinguish valid from invalid credentials by differences in the HTTP response (status code and response length), allowing full takeover of the admin account.

Steps to Reproduce

1. Navigate to http://lg.htb:8080/login.jsp
2. Capture a valid login request with Burp Suite
3. Send the captured request to Intruder
4. Set the body/form parameters so that the username is fixed and the password is a payload position, e.g. `j_username=admin&j_password=§admin§`
5. Load a password list (the example used the "500 worst passwords" list: https://gist.github.com/djaiss/4033452) into Intruder and run it. The responses differ by outcome:
   - Incorrect password attempt: Status Code 302, Response Length 675
   - Correct password attempt: Status Code 200, Response Length 796
6. The correct password is identified and admin access is gained, confirming admin account takeover via password brute forcing

Impact

- Full admin account takeover possible via automated credential guessing.
- Unauthorized access to sensitive documents and configuration.
- Ability to modify or delete data and create privileged accounts.
- Potential lateral movement and persistence after compromise.
- Regulatory, compliance, and reputational exposure.

Recommendation

- Implement account lockout or progressive rate-limiting after failed attempts.
- Enforce multi-factor authentication (MFA) for all admin accounts.
- Normalize authentication responses (same status/body for success and failure).
- Introduce CAPTCHA or adaptive challenges after suspicious activity.
- Block or throttle suspicious IPs and use WAF rules to detect automation.
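The 302-on-failure / 200-on-success pattern described above is also what a defender can key on in the web server's access log. The following is an added detection example, not part of the report or of LogicalDOC itself; it assumes Tomcat-style common-format access log lines (the sample lines are constructed) and flags any client that produces a burst of failed POSTs to /login.jsp, noting whether a 200 followed the burst.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (assumption: LogicalDOC's Tomcat logs
# requests in the common log format). 10.0.0.5 hammers the login and then
# succeeds; 10.0.0.9 is a normal user who mistyped once.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Oct/2025:19:00:01 +0000] "POST /login.jsp HTTP/1.1" 302 675
10.0.0.5 - - [16/Oct/2025:19:00:02 +0000] "POST /login.jsp HTTP/1.1" 302 675
10.0.0.5 - - [16/Oct/2025:19:00:02 +0000] "POST /login.jsp HTTP/1.1" 302 675
10.0.0.5 - - [16/Oct/2025:19:00:03 +0000] "POST /login.jsp HTTP/1.1" 302 675
10.0.0.5 - - [16/Oct/2025:19:00:03 +0000] "POST /login.jsp HTTP/1.1" 302 675
10.0.0.5 - - [16/Oct/2025:19:00:04 +0000] "POST /login.jsp HTTP/1.1" 200 796
10.0.0.9 - - [16/Oct/2025:19:00:05 +0000] "POST /login.jsp HTTP/1.1" 302 675
10.0.0.9 - - [16/Oct/2025:19:05:30 +0000] "POST /login.jsp HTTP/1.1" 200 796
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$')

def parse_line(line):
    """Parse one common-format line; return (ip, ts, method, path, status) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))

def detect_login_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"failures": n, "success_after_burst": bool}} for each client
    whose failed (302) POSTs to /login.jsp reach `threshold` inside any `window`."""
    events = defaultdict(list)  # ip -> [(timestamp, status)]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] == "POST" and rec[3] == "/login.jsp":
            events[rec[0]].append((rec[1], rec[4]))
    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        failures = [ts for ts, st in evs if st == 302]
        best, start = 0, 0  # sliding window over failure timestamps
        for end in range(len(failures)):
            while failures[end] - failures[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            # A 200 after the last failure means the guessing likely succeeded.
            success = any(st == 200 and ts >= failures[-1] for ts, st in evs)
            alerts[ip] = {"failures": best, "success_after_burst": success}
    return alerts
```

In a real deployment the threshold and window would be tuned to the site's normal failure rate, and the same counting logic can drive the lockout or throttling the report recommends.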
| Field | Value |
|---|---|
| Source | https://gist.github.com/thezeekhan/869aeb01bd981667c35dcac3e72c2bfa |
| User | Zeeshan Khan (UID 91384) |
| Submitted | 2025-10-16 07:00 PM (8 months ago) |
| Moderated | 2025-10-31 02:10 PM (15 days later) |
| Status | Accepted |
| VulDB entry | 330807 [LogicalDOC Community Edition up to 9.2.1 Admin Login Page /login.jsp information disclosure] |
| Points | 20 |