Zero Day Initiative - Getting Unauthenticated Remote Code Execution on the Logsign Unified SecOps Platform
Briefly

The vulnerability arises from the absence of rate limiting on reset_code verification. An attacker requests a password reset for an administrator account and then submits reset_code guesses repeatedly until one is accepted, at which point the attacker can set a new admin password and becomes an administrator.
The flaw is in /opt/logsign-api/api.py, where password resets are handled. The code does check that a reset_code is no more than 3 minutes old, but an expiry check alone bounds only how long a code stays valid, not how many guesses can be made while it is valid, so brute-forcing the code within the window is feasible.
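To make the distinction between an expiry check and an attempt limit concrete, here is an added example that is not Logsign's code and not taken from the ZDI post: a reset-code verifier that enforces only the 3-minute window, beside one that also caps verification attempts and burns the code when the cap is exceeded, with a brute-force loop run against both. The store layout, the function names, the 6-digit code format and the attempt cap of 5 are assumptions made for illustration.

```python
# Added example (not Logsign's code, not from the ZDI post): a reset-code check
# that enforces only an expiry window, beside one that also budgets attempts.
# ResetStore, ResetEntry, the 6-digit code format and MAX_ATTEMPTS are assumptions.
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

CODE_TTL_SECONDS = 180   # the 3-minute validity window the summary describes
MAX_ATTEMPTS = 5         # assumed per-code guess budget for the hardened variant
CODE_DIGITS = 6          # assumed code format (000000-999999)


@dataclass
class ResetEntry:
    code: str
    issued_at: float
    attempts: int = 0


@dataclass
class ResetStore:
    entries: dict = field(default_factory=dict)

    def issue_code(self, username: str, now: float) -> str:
        """Mint a fresh numeric reset code for the user (assumed format)."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self.entries[username] = ResetEntry(code=code, issued_at=now)
        return code


def verify_code_vulnerable(store: ResetStore, username: str, guess: str, now: float) -> bool:
    """Expiry check only: unlimited guesses are accepted while the code is live."""
    entry = store.entries.get(username)
    if entry is None or now - entry.issued_at > CODE_TTL_SECONDS:
        return False
    return entry.code == guess  # no attempt limit; plain (non-constant-time) compare


def verify_code_hardened(store: ResetStore, username: str, guess: str, now: float) -> bool:
    """Expiry plus a per-code attempt budget; the code is invalidated once exhausted."""
    entry = store.entries.get(username)
    if entry is None or now - entry.issued_at > CODE_TTL_SECONDS:
        store.entries.pop(username, None)
        return False
    entry.attempts += 1
    if entry.attempts > MAX_ATTEMPTS:
        store.entries.pop(username, None)  # burn the code; a new reset must be requested
        return False
    if hmac.compare_digest(entry.code, guess):
        store.entries.pop(username, None)  # single use on success
        return True
    return False


def brute_force(verify: Callable[[ResetStore, str, str, float], bool],
                store: ResetStore, username: str, now: float, budget: int) -> Optional[int]:
    """Enumerate codes in order; return the number of guesses needed, or None on failure.
    Stops early once the server no longer holds a live code for the user."""
    for n in range(budget):
        guess = f"{n:0{CODE_DIGITS}d}"
        if verify(store, username, guess, now):
            return n + 1
        if username not in store.entries:
            return None
    return None


def demo() -> tuple:
    """Run the same enumeration against both verifiers with freshly issued codes."""
    now = time.time()
    vuln_store = ResetStore()
    vuln_store.issue_code("admin", now)
    vuln_guesses = brute_force(verify_code_vulnerable, vuln_store, "admin", now, 10 ** CODE_DIGITS)
    hard_store = ResetStore()
    hard_store.issue_code("admin", now)
    hard_guesses = brute_force(verify_code_hardened, hard_store, "admin", now, 10 ** CODE_DIGITS)
    return vuln_guesses, hard_guesses


if __name__ == "__main__":
    v, h = demo()
    print(f"vulnerable verifier: code recovered after {v} guesses")
    print(f"hardened verifier: {'code recovered' if h else 'code burned, attack failed'}")
```

Against the expiry-only verifier the whole code space is searchable inside the window, so the loop always recovers the code; against the hardened verifier the code is gone after the fifth wrong guess and the attacker has to trigger a new reset, which is the point at which rate limiting on the reset request itself should also apply.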
Read at Zero Day Initiative