Quick Summary:
************************************************************************
Product             : WebArtFactory CMS.
Version             : Several in-production old system versions.
Vendor              : WebArtFactory - http://www.webartfactory.com
Class               : Remote
Criticality         : High
Operating System(s) : N/A.

Synopsis
************************************************************************
From the WebArtFactory webpage:

"We are a web page and multimedia development company, formed by a group of young Venezuelans, who put at your disposal the highest level of professionalism and creativity, ready to achieve the success of your company and/or product through the use of the most up-to-date technological tools."

WebArtFactory CMS is a very popular Content Management System among high-profile Venezuelan web sites: http://www.webartfactory.com/ns/portafolio.asp

Notice
************************************************************************
The very popular WebArtFactory CMS suffers from a vulnerability in the authentication mechanism for its management subsystem. Due to the very high-profile websites that use this CMS, Scientech de Venezuela has decided to release this advisory along with some urgent recommendations. Consequently, no specific details about this vulnerability will be made public.

Vendor Status
************************************************************************
Scientech de Venezuela has contacted WebArtFactory, which has acknowledged the problem and is working to patch old versions of the software.

Basic Explanation
************************************************************************
Incorrect handling of authentication credentials in the management subsystem allows unauthorized access to all management webpages. During routine tests, Scientech de Venezuela has determined that it is possible to gain total management control of a site in a hostile manner using only publicly available information. It is recommended that "work around" measures be taken immediately while waiting for vendor patches.

Proof Of Concept Status
************************************************************************
No proof of concept will be released until a patch is available from the vendor.

Work Around
************************************************************************
Remove all of the CMS's management webpages. You will have to edit your site offline and upload new versions. Alternatively, enforce additional authentication mechanisms on your management webpages (digital certificates, web server-based authentication mechanisms, etc.).

Corrective Measures
************************************************************************
Correct the authentication credentials checking in all management webpages.

Credits
************************************************************************
This vulnerability was discovered by Jose Torres and Ruben Recabarren at Scientech's Security Research Laboratory.

Disclaimer
----------------------------------------------------------------------
This advisory was released by Scientech de Venezuela as a matter of notification to help administrators protect their networks against the described vulnerability. Exploit source code is no longer released in our advisories but can be obtained under contract. Contact our sales department at info@scientechsecurity.com for further information on how to obtain proof of concept code.
----------------------------------------------------------------------
Scientech de Venezuela.
http://www.scientechsecurity.com