SA158: Improper Restriction of Excessive Authentication Attempts in Reporter
1429
04 May 2021
23 January 2018
CLOSED
HIGH
CVSS v2: 8.3
SUMMARY
Symantec Reporter does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.
AFFECTED PRODUCTS
| Reporter | ||
|---|---|---|
| CVE | Affected Version(s) | Remediation |
| CVE-2017-15531 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 |
| 10.1 | Upgrade to 10.1.5.5. | |
| 9.5 | Upgrade to 9.5.4.1. | |
ADDITIONAL PRODUCT INFORMATION
Symantec Reporter provides reporting capabilities for the Symantec ProxySG appliance, Secure Web Gateway (SWG) solution, and the Web Security Services (WSS). Reporter provides authentication and role-based access control for:
- administrator users: can manage Reporter's configuration and access all reporting information stored on it.
- standard users: only can access reporting information determined by the user roles and the reporting fields that the roles are authorized to access.
This vulnerability can be exploited only through the Reporter management interface. Symantec recommends that customers deploy Reporter in a secure network and restrict access to the management interface. Not deploying the appliance in a secure network or restricting management interface access increases the threat of exploiting the vulnerability.
ISSUES
| CVE-2017-15531 | |
|---|---|
| Severity / CVSSv2 | High / 8.3 (AV:A/AC:L/Au:N/C:C/I:C/A:C) |
| References | SecurityFocus: BID 102751 / NVD: CVE-2017-15531 |
| Impact | Unauthorized access |
| Description | Reporter does not restrict excessive authentication attempts for administrator and standard users, making it susceptible to a brute force password guessing attack. A remote attacker, with access to the management interface, can use brute force search to guess a user password and gain access to Reporter and the reporting information that the user is authorized to access. Reporter logs all successful and unsuccessful authentication attempts in the system event log. |
MITIGATION
Symantec recommends that customers deploy Reporter in a secure network and restrict access to the management interface.
ACKNOWLEDGEMENTS
Symantec would like to thank Dhiraj Mishra (@mishradhiraj_) for reporting this vulnerability.
REVISION
2018-04-12 A fix for Reporter 10.1 is available in 10.1.5.5.
2018-01-23 initial public release