SA158: Improper Restriction of Excessive Authentication Attempts in Reporter

1429

04 May 2021

23 January 2018

CLOSED

HIGH

CVSS v2: 8.3

SUMMARY

Symantec Reporter does not restrict excessive authentication attempts for management interface users.  A remote attacker can use brute force search to guess a user password and gain access to Reporter.

AFFECTED PRODUCTS

Reporter
CVE             Affected Version(s)   Remediation
CVE-2017-15531  10.2 and later        Not vulnerable, fixed in 10.2.1.1
                10.1                  Upgrade to 10.1.5.5.
                9.5                   Upgrade to 9.5.4.1.

ADDITIONAL PRODUCT INFORMATION

Symantec Reporter provides reporting capabilities for the Symantec ProxySG appliance, Secure Web Gateway (SWG) solution, and the Web Security Services (WSS).  Reporter provides authentication and role-based access control for:

  • administrator users: can manage Reporter's configuration and access all reporting information stored on it.
  • standard users: can access only the reporting information determined by their user roles and the reporting fields those roles are authorized to access.

This vulnerability can be exploited only through the Reporter management interface. Symantec recommends that customers deploy Reporter in a secure network and restrict access to the management interface. Deploying the appliance outside a secure network, or leaving management interface access unrestricted, increases the risk that this vulnerability will be exploited.

ISSUES

CVE-2017-15531
Severity / CVSSv2: High / 8.3 (AV:A/AC:L/Au:N/C:C/I:C/A:C)
References: SecurityFocus: BID 102751 / NVD: CVE-2017-15531
Impact: Unauthorized access
Description: Reporter does not restrict excessive authentication attempts for administrator and standard users, making it susceptible to a brute force password guessing attack. A remote attacker, with access to the management interface, can use brute force search to guess a user password and gain access to Reporter and the reporting information that the user is authorized to access. Reporter logs all successful and unsuccessful authentication attempts in the system event log.
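The weakness described above (CWE-307) is the absence of any limit on failed login attempts, and the one detection hook the advisory names is that every successful and unsuccessful attempt is written to the system event log. The following is an added example, not Symantec Reporter code: an authentication throttle of the kind the fix supplies (per-account, per-source sliding window with a lockout) and a detector that flags brute-force patterns in constructed authentication log lines. The log line format, the thresholds, the user names and the IP addresses are all assumptions made for the example; the advisory does not describe Reporter's real event log format.

```python
"""Added example (not Reporter code): a CWE-307 style login throttle and a
brute-force detector over constructed authentication log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta


class AuthThrottle:
    """Count failed attempts per (user, source) inside a sliding window and
    refuse further attempts for `lockout` once `max_failures` is reached."""

    def __init__(self, max_failures=5, window=timedelta(minutes=15),
                 lockout=timedelta(minutes=15)):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(deque)   # (user, src) -> failure timestamps
        self._locked_until = {}               # (user, src) -> lockout expiry

    def allowed(self, user, src, now):
        """Return False while the (user, src) pair is locked out."""
        key = (user, src)
        until = self._locked_until.get(key)
        if until is not None:
            if now < until:
                return False
            del self._locked_until[key]       # lockout expired: start fresh
            self._failures[key].clear()
        return True

    def record_failure(self, user, src, now):
        key = (user, src)
        q = self._failures[key]
        q.append(now)
        while q and now - q[0] > self.window:  # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[key] = now + self.lockout

    def record_success(self, user, src, now):
        self._failures[(user, src)].clear()
        self._locked_until.pop((user, src), None)


def attempts_admitted(n, max_failures=5):
    """Feed n consecutive failed logins for one account/source (constructed
    values) through the throttle and return how many were admitted."""
    throttle = AuthThrottle(max_failures=max_failures)
    t0 = datetime(2018, 1, 23, 9, 0, 0)
    admitted = 0
    for i in range(n):
        now = t0 + timedelta(seconds=i)
        if not throttle.allowed("admin", "203.0.113.7", now):
            continue
        admitted += 1
        throttle.record_failure("admin", "203.0.113.7", now)
    return admitted


# Assumed log format for the example; Reporter's real format is not given.
LOG_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) auth "
                    r"(?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>\S+)$")


def build_sample_log():
    """Constructed event-log lines: a rapid failure burst against 'admin'
    from one source, then two typos by a legitimate user who then succeeds."""
    t0 = datetime(2018, 1, 23, 9, 0, 0)
    fmt = "%Y-%m-%d %H:%M:%S"
    lines = [f"{(t0 + timedelta(seconds=10 * i)).strftime(fmt)} "
             f"auth failure user=admin src=203.0.113.7" for i in range(12)]
    for i in range(2):
        ts = (t0 + timedelta(minutes=30, seconds=20 * i)).strftime(fmt)
        lines.append(f"{ts} auth failure user=jdoe src=198.51.100.5")
    ts = (t0 + timedelta(minutes=31)).strftime(fmt)
    lines.append(f"{ts} auth success user=jdoe src=198.51.100.5")
    return lines


def detect_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Return {(user, src): peak_failures} for pairs that reach `threshold`
    failed attempts within any `window`; malformed lines are skipped."""
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["result"] != "failure":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        key = (m["user"], m["src"])
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts


if __name__ == "__main__":
    print("admitted before lockout:", attempts_admitted(20))
    print("brute-force alerts:", detect_bruteforce(build_sample_log()))
```

The throttle keys on the (user, source) pair so that a single noisy source cannot lock a legitimate administrator out from elsewhere; the detector uses the same sliding-window idea read back out of the log, which is what a SIEM rule over Reporter's event log would do while an unpatched version is still deployed.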

MITIGATION

Symantec recommends that customers deploy Reporter in a secure network and restrict access to the management interface.

ACKNOWLEDGEMENTS

Symantec would like to thank Dhiraj Mishra (@mishradhiraj_) for reporting this vulnerability.

REVISION

2018-04-12 A fix for Reporter 10.1 is available in 10.1.5.5.
2018-01-23 Initial public release.