Vesta Admin Panel Vulnerability Allows Complete Linux Server Takeover
- From the site: Vulnerability (cybersecuritynews.com)
Author: Dhivya
A vulnerability in the Vesta Control Panel has been discovered that allows attackers to take over entire Linux servers.
This alarming exploit leverages weaknesses in the password reset mechanism, posing a severe risk to users relying on Vesta for server management.
Vesta is a web-based control panel that simplifies server management for Linux users. Known for its lightweight structure and user-friendly interface, it is favored by many for hosting websites, managing domains, and creating databases.
The Vulnerability: Exploiting Bash $RANDOM
According to the Fortbridge report, the core of the vulnerability lies in the use of the bash $RANDOM variable during the password reset process.
This variable generates pseudo-random numbers that are not cryptographically secure, making it possible for attackers to predict future values.
![cyber security news](https://cybersecuritynews.com/wp-content/uploads/2024/10/image-6.png)
Code Snippet: Predicting $RANDOM Values
```console
# Example of predicting $RANDOM values using bashrand
$ bashrand crack -n 3 $RANDOM $RANDOM $RANDOM
# Output
Seed: 2137070299 +3 (old) # Seed found
Next 3 values: [22404, 16453, 2365]
```
The Vesta password reset function relies on a PHP script that checks if a reset token matches an existing one stored in user configuration files.
![cyber security news](https://cybersecuritynews.com/wp-content/uploads/2024/10/image-7-1024x594.png)
When a user requests a password reset, they receive an email with a link containing this token. The process generates the new token using $RANDOM, and that is the step the vulnerability exploits.
Breaking Down the Exploit
Researchers have demonstrated that they can predict all future password reset tokens by brute-forcing the seed used by $RANDOM. The challenge lies in reducing the brute-force scope from billions of possibilities to a manageable number.
This was achieved by analyzing how timestamps and process IDs influence seed generation, significantly narrowing down potential values.
Code Snippet: Brute-Forcing Seeds
```bash
# Brute-forcing seeds using reduced entropy
# $start_seed and $end_seed bound the narrowed seed range derived from
# timestamp and process-ID analysis
for seed in $(seq $start_seed $end_seed); do
  RANDOM=$seed            # reseed bash's generator with the candidate seed
  echo $RANDOM $RANDOM $RANDOM
done
```
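As an added illustration (not the researchers' or Vesta's code), the hypothetical `weak_token` mirrors the pattern the article describes, deriving a reset token from `$RANDOM` after seeding, so the same seed yields the same token; `secure_token` shows the kernel CSPRNG alternative, and `is_reproducible` is a small check a reviewer can run against any token generator:

```bash
#!/usr/bin/env bash
# Added example: why a $RANDOM-derived reset token is reproducible, and
# what a reset token should be built from instead. Function names are
# hypothetical; this is not Vesta's code.

# Weak pattern: token derived from $RANDOM after seeding. In the real flaw
# the seed comes from bash's own startup seeding (time and PID), which is
# what makes it guessable; here it is a parameter so the effect is visible.
weak_token() {
    local seed="$1"
    RANDOM=$seed                 # bash reseeds its PRNG on assignment
    printf '%05d%05d%05d\n' "$RANDOM" "$RANDOM" "$RANDOM"
}

# Secure alternative: 32 bytes from the kernel CSPRNG, hex-encoded (64 chars).
secure_token() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Sanity check usable against any generator: call it twice under identical
# conditions; success means the output repeated (i.e. it is predictable).
is_reproducible() {
    local gen="$1" arg="$2"
    [ "$($gen "$arg")" = "$($gen "$arg")" ]
}

main() {
    echo "weak_token 1337 twice: $(weak_token 1337) / $(weak_token 1337)"
    echo "secure_token twice:    $(secure_token) / $(secure_token)"
    if is_reproducible weak_token 1337; then
        echo "weak_token: same seed gives the same token (predictable once the seed is known)"
    fi
    if ! is_reproducible secure_token ""; then
        echo "secure_token: not reproducible"
    fi
}

main
```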
This vulnerability allows an attacker to take over an entire server, which poses serious risks, including data breaches and unauthorized control over hosted websites.
Vesta users are strongly advised to update their systems with patches provided by developers and consider implementing additional security measures such as two-factor authentication.
This vulnerability highlights the critical importance of secure random number generation in software development.
Users are encouraged to stay informed about updates from Vesta and other security advisories to safeguard their digital assets effectively.