Mantis Bugtracker

Viewing Issue Advanced Details
ID: 0002062
Category: [Cacti] Security
Severity: minor
Reproducibility: have not tried
Date Submitted: 2011-09-25 12:37
Last Update: 2012-10-24 03:40
Reporter: rony
View Status: public
Assigned To: rony
Priority: high
Resolution: fixed
Status: closed
Projection: none
ETA: none
Platform / OS / OS Version / Product Build: (not set)
Fixed in Version: (not set)
Product Version: 0.8.7g
Target Version: 0.8.7h
Summary: 0002062: Multiple security vulnerabilities
Description: From forum post: http://forums.cacti.net/viewtopic.php?f=21&t=44116

I have installed Cacti 0.8.7g and will publish it to the internet, but my security team has done a security assessment and found some things that need to be fixed.
Below are the security issues that should be fixed; I have no idea how to fix them.

1. Authentication Bypass Using SQL Injection
Example: https://IP Address/cacti/index.php (Parameter: login_username)
Remediation: Filter out hazardous characters from user input

2. Cross-Site Scripting
Example: https://IP Address/cacti/graph_settings.php
Remediation: Filter out hazardous characters from user input

3. Phishing Through URL Redirection
Example: https://IP Address/cacti/graph_settings.php (Parameter: referer)
Remediation: Disable redirection to external sites based on parameter values

4. Stored Cross-Site Scripting
Example: https://IP Address/cacti/graph_settings.php
Remediation: Filter out hazardous characters from user input

5. Cross-Site Request Forgery
Example: https://IP Address/cacti/logout.php
Remediation: Decline malicious requests

6. Inadequate Account Lockout
Example: https://IP Address/cacti/index.php (Parameter: login_password)
Remediation: Enforce account lockout after several failed login attempts

7. Phishing Through Frames
Example: https://IP Address/cacti/graph_settings.php (Parameter: num_columns)
Remediation: Filter out hazardous characters from user input
Steps To Reproduce: (empty)
Additional Information: (empty)
Tags: No tags attached.
Attached Files: CACTI - Vulnerability Assessment Report v1.1.zip (2,061,005 bytes), added 2011-09-29 21:29
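Added example (not Cacti code and not from the report): item 1 above, an authentication bypass through the login_username parameter, reproduced against a constructed in-memory SQLite table, beside the parameterized query that closes it. The table name, its columns, the hashing helper and the sample account are all assumptions made for the demo; the remediation shown is parameter binding rather than the "filter out hazardous characters" wording of the scanner, because binding removes the class of bug instead of blacklisting characters.

```python
"""Login SQL injection: string-spliced query beside a parameterized one.
Everything here (table, columns, account) is constructed for illustration."""
import hashlib
import sqlite3


def _password_hash(password: str) -> str:
    # Constructed for the demo only; a real deployment uses a salted, slow hash.
    return hashlib.sha256(password.encode()).hexdigest()


def make_user_db() -> sqlite3.Connection:
    """Constructed stand-in for an application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_auth (username TEXT, password TEXT)")
    conn.execute("INSERT INTO user_auth VALUES (?, ?)",
                 ("admin", _password_hash("correct-horse")))
    conn.commit()
    return conn


def login_vulnerable(conn, login_username: str, login_password: str):
    """Before: the username is spliced into the SQL text, so a quote in it
    rewrites the query. Returns the matched username or None."""
    sql = ("SELECT username FROM user_auth WHERE username = '%s' "
           "AND password = '%s'"
           % (login_username, _password_hash(login_password)))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, login_username: str, login_password: str):
    """After: bound parameters. The driver passes the username as data, so a
    payload is compared literally against the column and matches nothing."""
    sql = "SELECT username FROM user_auth WHERE username = ? AND password = ?"
    row = conn.execute(sql, (login_username,
                             _password_hash(login_password))).fetchone()
    return row[0] if row else None


def run_demo() -> dict:
    """Sends the payload and a legitimate login through both versions."""
    conn = make_user_db()
    # The template's own closing quote completes ''='' and the WHERE clause
    # becomes: username = 'admin' OR (''='' AND password = '<wrong hash>'),
    # which is true for the admin row whatever the password.
    payload = "admin' OR ''='"
    return {
        "vulnerable_bypass": login_vulnerable(conn, payload, "wrong"),
        "fixed_bypass": login_fixed(conn, payload, "wrong"),
        "fixed_valid": login_fixed(conn, "admin", "correct-horse"),
        "fixed_wrong_password": login_fixed(conn, "admin", "wrong"),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

Running the block shows the vulnerable query returning admin for the payload with a wrong password, while the bound version returns None for the same input and still accepts the real credentials. The same rewrite applies to any field the scanner flagged as reaching SQL, not just the login form.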

- Relationships

- Notes
(0005880)
rony (administrator)
2011-09-25 20:00

SQL injection fixed for 0.8.7h release.
(0005883)
red_garlic (reporter)
2011-09-29 21:32

hi,

I've attached the full security assessment report.
Hope it can help.

thanks
(0005884)
TheWitness (developer)
2011-10-02 22:33

Thanks,

TheWitness
(0005900)
red_garlic (reporter)
2011-10-11 23:42

Hi,

I have updated to 0.8.7h and got a positive result from the security assessment.
Only 3 items need to be fixed.

1. Cross-Site Scripting
Example: https://IP/cacti/graph_settings.php
Remediation: Filter out hazardous characters from user input

2. Stored Cross-Site Scripting
Example: https://IP/cacti/graph_settings.php
Remediation: Filter out hazardous characters from user input

3. Cross-Site Request Forgery
Example: https://IP/cacti/logout.php
Remediation: Decline malicious requests

Thanks.
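Added example (not Cacti code): the kind of check that turns the scanner's "decline malicious requests" remediation for logout.php, item 3 in the retest above, into something concrete. It is a synchronizer token: one random value per session, embedded in the page's own form and compared in constant time on the way back. The session and request here are plain dicts standing in for a framework's objects, and every name is an assumption.

```python
"""Synchronizer-token CSRF protection for a state-changing request (logout).
Session and request are dicts constructed for the demo."""
import hmac
import secrets


def issue_csrf_token(session: dict) -> str:
    """Create one unpredictable token per session and remember it server-side.
    The page embeds it in its own forms; a cross-site page cannot read it."""
    token = session.get("csrf_token")
    if token is None:
        token = secrets.token_hex(32)
        session["csrf_token"] = token
    return token


def csrf_token_valid(session: dict, submitted) -> bool:
    """Constant-time comparison against the stored token; anything missing
    or of the wrong type fails closed."""
    expected = session.get("csrf_token")
    if not isinstance(expected, str) or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_logout(session: dict, method: str, params: dict) -> tuple:
    """Hypothetical logout handler. Logout changes server state, so it must not
    be reachable by a bare GET (an <img src=...> from any site would fire it)
    and must carry the token. Returns (status, message)."""
    if method != "POST":
        return 405, "logout requires POST"
    if not csrf_token_valid(session, params.get("csrf_token")):
        # Reject before touching the session so a forged request has no effect.
        return 403, "request rejected: missing or invalid CSRF token"
    session.clear()
    return 200, "logged out"


def run_demo() -> dict:
    """A genuine form submission versus the ways a third-party page can forge it."""
    session = {"user": "admin"}
    token = issue_csrf_token(session)
    forged_get = handle_logout(session, "GET", {})
    forged_post_no_token = handle_logout(session, "POST", {})
    forged_post_guess = handle_logout(session, "POST", {"csrf_token": "0" * 64})
    still_logged_in = session.get("user") == "admin"
    genuine = handle_logout(session, "POST", {"csrf_token": token})
    return {
        "forged_get": forged_get[0],
        "forged_post_no_token": forged_post_no_token[0],
        "forged_post_guess": forged_post_guess[0],
        "still_logged_in_after_forgeries": still_logged_in,
        "genuine": genuine[0],
        "session_after_genuine": dict(session),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The order inside handle_logout matters: the method and token checks run before the session is modified, so a forged request leaves the victim logged in. The same token check belongs on every other request that changes state, not only on logout.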
(0005902)
TheWitness (developer)
2011-10-12 14:10

This must have been done with the PIA installed. Can you confirm?
(0005903)
TheWitness (developer)
2011-10-12 15:09

Of the issues above all but

6. Inadequate Account Lockout

Have been addressed. Item 6. from above is a feature request. I'll defer to Rony. I know that cigamit wrote a C3 security layer on Cacti already, but I don't believe it is publicly available.
(0005918)
TheWitness (developer)
2011-10-24 21:12

All the relevant issues are confirmed as resolved.

- Issue History
Date Modified Username Field Change
2011-09-25 12:37 rony New Issue
2011-09-25 12:37 rony Status new => assigned
2011-09-25 12:37 rony Assigned To => rony
2011-09-25 20:00 rony Note Added: 0005880
2011-09-26 14:39 paulgevers Issue Monitored: paulgevers
2011-09-29 03:28 bfek-18 Issue Monitored: bfek-18
2011-09-29 21:29 red_garlic File Added: CACTI - Vulnerability Assessment Report v1.1.zip
2011-09-29 21:32 red_garlic Note Added: 0005883
2011-10-02 22:33 TheWitness Note Added: 0005884
2011-10-02 22:33 TheWitness Issue Monitored: TheWitness
2011-10-11 23:42 red_garlic Note Added: 0005900
2011-10-12 14:10 TheWitness Note Added: 0005902
2011-10-12 15:09 TheWitness Note Added: 0005903
2011-10-24 21:12 TheWitness Note Added: 0005918
2011-10-24 21:12 TheWitness Status assigned => resolved
2011-10-24 21:12 TheWitness Resolution open => fixed
2012-05-01 11:00 paulgevers Issue End Monitor: paulgevers
2012-10-24 03:40 Linegod Status resolved => closed

