S4E

MantisBT Default Login Scanner

This scanner detects MantisBT installations that still accept the vendor's default login credentials.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 1 minute
Time Interval: 19 days 5 hours
Scan only one: Domain, IPv4
Toolbox: -

MantisBT is a popular open-source bug tracking system used by software development teams to manage quality assurance work. It provides a platform for tracking issues and collaborating with team members, and is valued for its ease of use, flexibility, and integrations with other systems, with enough customization to support a wide range of workflow methodologies. Many organizations use MantisBT to keep bug tracking systematic, so that every issue is documented and can be resolved effectively. It also includes project management features for tracking development progress, which helps teams deliver quality software. Because MantisBT is deployed across numerous sectors and holds detailed records of defects and internal projects, securing it is critical.

The vulnerability detected by this scanner is a MantisBT installation that still accepts its default credentials. Default credentials are the username and password pre-configured by the vendor at installation time; for MantisBT this is the built-in administrator account with the password root, which the MantisBT installation guide instructs you to change immediately after setup. Leaving them in place allows anyone who knows the documented defaults to log in, which is a significant security risk. The check relies on the default administrator login still being active, and a hit means the integrity of the whole system is compromised. This default login issue is classified under Security Misconfiguration because it results from improper configuration during the product setup phase.

The scanner targets the MantisBT login endpoint and attempts to authenticate using commonly known default credentials. It sends HTTP POST requests to the login password page using a pitchfork attack, which pairs the n-th candidate username with the n-th candidate password (as opposed to a clusterbomb, which tries every username against every password). A login is treated as successful when the response carries the signals of an authenticated session: typically a specific status code or a redirect to the user's landing page, or HTML content and headers that match patterns such as "View Issues" or "Change Log" which MantisBT renders for a logged-in user. To rule out pages that merely happen to contain those strings, the scanner also extracts the session identifier from the response cookies, confirming that the credentials produced a live session and are therefore still active.
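The check described above, as an added example in Python that is not S4E's scanner template nor MantisBT's own code. It pairs candidate usernames and passwords pitchfork-style, submits them, and only reports a hit when a success signal is accompanied by a session cookie. The target path (login.php), form field names, the session cookie name (MANTIS_STRING_COOKIE), the landing page (my_view_page.php) and the success markers are assumptions modelled on a stock MantisBT 2.x install and should be verified against the target; the fake_mantis transport is a constructed stand-in so the example runs offline.

```python
"""Pitchfork-style default-credential check for MantisBT.

Added example, not S4E's or MantisBT's code. Paths, field names, cookie name
and success markers are assumptions based on a stock MantisBT 2.x install.
"""
import re
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# (status, lower-cased headers, body)
Response = Tuple[int, Dict[str, str], str]

# MantisBT ships with administrator/root; the other pairs are illustrative guesses.
DEFAULT_USERS = ["administrator", "admin", "root"]
DEFAULT_PASSES = ["root", "admin", "root"]

SUCCESS_MARKERS = ("View Issues", "Change Log")   # assumed logged-in menu entries
LANDING_PAGE = "my_view_page.php"                 # assumed post-login redirect target
SESSION_COOKIE = "MANTIS_STRING_COOKIE"           # assumed session cookie name


def pitchfork(users: Iterable[str], passwords: Iterable[str]) -> List[Tuple[str, str]]:
    """Pair the n-th user with the n-th password. A clusterbomb would instead
    try every user with every password (len(users) * len(passwords) requests)."""
    return list(zip(users, passwords))


def extract_session(headers: Dict[str, str]) -> Optional[str]:
    """Return the session cookie value from Set-Cookie, or None if absent."""
    m = re.search(rf"{SESSION_COOKIE}=([^;]+)", headers.get("set-cookie", ""))
    return m.group(1) if m else None


def login_succeeded(resp: Response) -> bool:
    """Success = a login signal AND a session cookie. The cookie requirement
    filters out pages that merely mention the marker strings (e.g. a public
    view when anonymous access is enabled)."""
    status, headers, body = resp
    redirected_home = status in (301, 302) and LANDING_PAGE in headers.get("location", "")
    has_markers = status == 200 and any(m in body for m in SUCCESS_MARKERS)
    return (redirected_home or has_markers) and extract_session(headers) is not None


def check_default_logins(send: Callable[[str, str], Response],
                         users: Iterable[str] = DEFAULT_USERS,
                         passwords: Iterable[str] = DEFAULT_PASSES) -> List[Tuple[str, str, str]]:
    """Try each pitchfork pair; return (user, password, session) for every hit."""
    hits = []
    for user, pw in pitchfork(users, passwords):
        resp = send(user, pw)
        if login_succeeded(resp):
            hits.append((user, pw, extract_session(resp[1])))
    return hits


def http_sender(base_url: str) -> Callable[[str, str], Response]:
    """Real transport: POST credentials to login.php and do NOT follow the
    redirect, so the Location header and Set-Cookie of the login response
    itself are what we inspect."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None
    opener = urllib.request.build_opener(NoRedirect)

    def headers_of(msg) -> Dict[str, str]:
        h = {k.lower(): v for k, v in msg.items()}
        h["set-cookie"] = "; ".join(msg.get_all("set-cookie") or [])  # keep all cookies
        return h

    def send(user: str, pw: str) -> Response:
        data = urllib.parse.urlencode(
            {"username": user, "password": pw, "return": LANDING_PAGE}).encode()
        req = urllib.request.Request(base_url.rstrip("/") + "/login.php",
                                     data=data, method="POST")
        try:
            with opener.open(req, timeout=10) as r:
                return r.status, headers_of(r.headers), r.read().decode(errors="replace")
        except urllib.error.HTTPError as e:  # 302 surfaces here when not followed
            return e.code, headers_of(e.headers), e.read().decode(errors="replace")
    return send


def fake_mantis(user: str, pw: str) -> Response:
    """Constructed stand-in for an install that still has administrator/root."""
    if (user, pw) == ("administrator", "root"):
        return 302, {"location": LANDING_PAGE,
                     "set-cookie": f"{SESSION_COOKIE}=abc123def456; path=/; HttpOnly"}, ""
    if user == "guest":  # constructed decoy: markers present, but no session cookie
        return 200, {}, "<ul><li>View Issues</li><li>Change Log</li></ul>"
    return 302, {"location": f"login_page.php?error=1&username={user}"}, ""


if __name__ == "__main__":
    # Offline demo against the constructed transport; swap in
    # http_sender("http://target/mantis") for a real target you are authorized to test.
    print(check_default_logins(fake_mantis))
```

Because the real transport refuses to follow redirects, a failed login (MantisBT bounces back to login_page.php) and a successful one (bounce to the landing page plus a session cookie) are distinguishable from a single request; the decoy "guest" case in the fake transport shows why the marker strings alone are not trusted.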

If exploited, this vulnerability gives an attacker unauthorized administrative access to the MantisBT system. With that access, an attacker can change configurations, create or elevate user accounts, read sensitive issue tickets, and alter or delete data, which can amount to a data breach. This affects both operational security and data integrity for the organization. An attacker with administrative access could also plant backdoor accounts or other malicious configuration, further compromising the affected network.
