CVE-2018-12520

ntop-ng < 3.4.180617 - Authentication Bypass

  • Severity Score: 8.1 (CVSS v3.1)

  • Public Exploits: 3 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access.

An issue has been discovered in ntopng, in 3.4 versions before 3.4.180617. The PRNG involved in generating session IDs is not seeded when the program starts. As a result, deterministic session IDs are assigned to active user sessions. An attacker who knows the operating system and standard library in use on the host running the service, and the username of the user whose session is being targeted, can abuse the deterministic random number generation to hijack the user's session and escalate their access.

ntop-ng versions prior to 3.4.180617 suffer from a deterministic session ID vulnerability.

*Credits: N/A
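
The weakness class named in the descriptions (CWE-335, a PRNG that is never seeded) can be shown with a short C program. This is an added illustration, not ntopng source code; the function names and the 16-byte ID length are assumptions made for the example. It places an ID drawn from an unseeded rand() beside one drawn from the kernel CSPRNG.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SID_BYTES 16                 /* assumed ID length for this example */
#define SID_HEX (SID_BYTES * 2 + 1)

static void to_hex(const unsigned char *in, char *out) {
    for (int i = 0; i < SID_BYTES; i++)
        sprintf(out + 2 * i, "%02x", in[i]);
}

/* Flawed pattern: session ID drawn from rand(). If srand() is never called,
 * the C standard makes rand() behave as if srand(1) had run, so every
 * process start produces the same sequence. */
void weak_session_id(char out[SID_HEX]) {
    unsigned char raw[SID_BYTES];
    for (int i = 0; i < SID_BYTES; i++)
        raw[i] = (unsigned char)(rand() & 0xff);
    to_hex(raw, out);
}

/* Hardened pattern: take the bytes from the kernel CSPRNG. Returns 0 on success. */
int strong_session_id(char out[SID_HEX]) {
    unsigned char raw[SID_BYTES];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(raw, 1, SID_BYTES, f);
    fclose(f);
    if (n != SID_BYTES) return -1;   /* fail closed on a short read */
    to_hex(raw, out);
    return 0;
}

/* Stand-in for a service restart: srand(1) restores the state that an
 * unseeded process starts with. Returns 1 when both IDs are identical. */
int weak_ids_repeat_across_restarts(void) {
    char a[SID_HEX], b[SID_HEX];
    srand(1); weak_session_id(a);
    srand(1); weak_session_id(b);
    return strcmp(a, b) == 0;
}

int main(void) {
    char s[SID_HEX];
    printf("weak IDs repeat across restarts: %d\n", weak_ids_repeat_across_restarts());
    if (strong_session_id(s) == 0) printf("CSPRNG session ID: %s\n", s);
    return 0;
}
```

Seeding rand() with the clock or the process ID does not repair the flawed pattern, because those values are guessable; session tokens need a CSPRNG source.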
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2018-06-17 CVE Reserved
  • 2018-07-02 CVE Published
  • 2024-04-19 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Ntop | Ntopng | >= 3.4 < 3.4.180617 | - | Affected