phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0.
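The pattern the description above points at (a client-supplied 'X-Forwarded-For' value taking precedence over 'REMOTE_ADDR', so the per-IP lockout is keyed on an attacker-chosen string) is easier to see beside a hardened variant. The following is an added illustration written for this page, not phpIPAM's own code; the function names, the `$server` array parameter and the `$trusted_proxies` list are assumptions. The hardened function only honours the header when the TCP peer is one of the operator's own proxies, and then walks the forwarding chain from the right to find the first hop that is not a trusted proxy.

```php
<?php
// Added illustration, not phpIPAM's code. Models the trust decision behind
// CVE-2024-0787 and one way to make it safe.

// Vulnerable pattern as described in the advisory: whenever the request carries
// X-Forwarded-For, that value is used as the client address, so every login
// attempt can present a different "source" and never trips the IP block.
function get_user_ip_vulnerable(array $server): string
{
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $server['HTTP_X_FORWARDED_FOR'];
    }
    return $server['REMOTE_ADDR'] ?? '';
}

// Hardened variant: the header is untrusted input unless REMOTE_ADDR is a proxy
// we operate. $trusted_proxies is an assumed configuration value (exact IPs).
function get_user_ip_hardened(array $server, array $trusted_proxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($remote, $trusted_proxies, true)) {
        // Direct connection: ignore the header entirely, key the lockout on the peer.
        return $remote;
    }
    $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk from the right, skipping hops we trust; the first untrusted hop is the client.
    while ($chain) {
        $hop = array_pop($chain);
        if ($hop === '' || in_array($hop, $trusted_proxies, true)) {
            continue;
        }
        if (filter_var($hop, FILTER_VALIDATE_IP) !== false) {
            return $hop;
        }
        // Malformed value: fall back to the proxy's address rather than trusting it.
        break;
    }
    return $remote;
}

// Constructed request data (not captured traffic).
$trusted = ['10.0.0.5'];

// A direct connection that also sends the header: the vulnerable function keys
// the lockout on the header value, the hardened one on REMOTE_ADDR.
$direct = ['REMOTE_ADDR' => '203.0.113.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'];
printf("vulnerable: %s\nhardened:   %s\n",
    get_user_ip_vulnerable($direct),
    get_user_ip_hardened($direct, $trusted));

// The same request arriving through the trusted proxy: the hardened variant
// still recovers the real client from the chain.
$proxied = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 10.0.0.5'];
printf("behind proxy: %s\n", get_user_ip_hardened($proxied, $trusted));
```

When the application is not behind a reverse proxy at all, the safe configuration is an empty trusted-proxy list, which makes the hardened function ignore 'X-Forwarded-For' unconditionally. A lockout counter that is keyed on the hardened result cannot be reset by changing a request header, which is the property the advisory says was missing in 1.5.1.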
History

Fri, 15 Nov 2024 19:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Phpipam
 | | Phpipam phpipam
CPEs | | cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*
Vendors & Products | | Phpipam
 | | Phpipam phpipam
Metrics | | cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}
 | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 Nov 2024 11:15:00 +0000

Type | Values Removed | Values Added
Description | | phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get_user_ip()' function in 'class.Common.php' at lines 1044 and 1045, where the presence of the 'X-Forwarded-For' header is checked and used instead of 'REMOTE_ADDR'. This vulnerability allows attackers to perform brute force attacks on user accounts, including the admin account. The issue is fixed in version 1.7.0.
Title | | Improper Restriction of Excessive Authentication Attempts in phpipam/phpipam
Weaknesses | | CWE-307
References | |
Metrics | | cvssV3_0 {'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-11-15T10:57:05.410Z

Updated: 2024-11-15T19:09:48.262Z

Reserved: 2024-01-22T17:00:17.923Z

Link: CVE-2024-0787

Vulnrichment

Updated: 2024-11-15T19:09:42.489Z

NVD

Status: Analyzed

Published: 2024-11-15T11:15:09.213

Modified: 2024-11-19T15:53:59.093

Link: CVE-2024-0787

Redhat

No data.