No Limit in length of root directory name , results in memory consumption/DOS attack in ikus060/rdiffweb
Valid
Reported on
Sep 24th 2022
Description
There must be a fixed length for user input parameters like root directory name. Allowing users to enter long strings may result in a DOS attack or memory corruption
Proof of Concept
1)Go to https://rdiffweb-demo.ikus-soft.com/admin/users endpoint . 2)Click on add user 3)Here you will see that there is no limit for the root directory name length that allows a user to to set a very long string as long as 1 million characters 4)This may possible result in a memory corruption/DOS attack
Mitigation: There must be a fixed length for the root directory name - upto 256 characters
Impact
Allows an attacker to set a root directory name with long string leading to memory corruption/possible DOS attack
Occurrences
We are processing your report and will contact the
ikus060/rdiffweb
team within 24 hours.
8 months ago
The researcher's credibility has increased: +7
admin_users.html#L1-L122
has been validated
to join this conversation