CVE-2020-15906 Scanner
CVE-2020-15906 Scanner - Authentication Bypass vulnerability in Tiki Wiki CMS GroupWare

Short Info

| Field | Value |
| --- | --- |
| Level | Critical |
| Scan type | Single Scan |
| Can be used by | Asset Owner |
| Estimated Time | 10 seconds |
| Time Interval | 27 days 1 hour |
| Scan only one | Domain, IPv4 |
| Toolbox | - |
Tiki Wiki CMS GroupWare is a free and open-source content management system (CMS) and groupware platform. It is designed to manage and collaborate on content, including wikis, blogs, forums, and calendars, all within a single web-based application. Tiki Wiki CMS is widely used by businesses, educational institutions, and communities for managing projects, knowledge sharing, and collaboration. The software includes a wide array of features such as file galleries, search functionality, and administrative tools. It has a user-friendly interface but requires secure configuration to avoid potential security risks. Vulnerabilities in Tiki can compromise the integrity of a system and provide unauthorized access to sensitive data.
CVE-2020-15906 is an authentication bypass vulnerability in Tiki Wiki CMS GroupWare before version 21.2. It stems from improper handling of the admin password after a set number of failed login attempts: after 50 consecutive failed attempts, the admin password is reset to a blank value, so the authentication check can be bypassed. The flaw can therefore lead to unauthorized administrative access, since any user who submits enough incorrect logins could obtain admin-level access without valid credentials. The vulnerability is rated critical because of the severity of the exposure it creates.
The vulnerability manifests in the `tiki-login.php` script. After 50 failed login attempts, the system incorrectly sets the admin password to a blank value, allowing an attacker to log in without authentication. All versions of Tiki Wiki CMS GroupWare prior to 21.2 are affected. The flaw is triggered by a brute-force pattern, in which repeated invalid login attempts cross the reset threshold, and it is made worse by the absence of an account lockout or CAPTCHA after multiple failures. No prior authentication is required, because the password reset happens automatically after a fixed number of failed attempts.
If successfully exploited, this vulnerability allows attackers to bypass authentication and gain administrative access to the affected Tiki Wiki CMS GroupWare installation. This could lead to the full compromise of the system, including unauthorized data access, modification of content, and potential administrative control over the entire system. Attackers could further use this access to deploy malware, exfiltrate sensitive data, or alter system settings. Since the vulnerability does not require user credentials, it poses a significant risk to all installations of affected versions of Tiki Wiki CMS GroupWare. Systems running vulnerable versions without adequate protection measures are at a high risk of exploitation.
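Because the reset fires after a fixed count of consecutive failures, defenders can catch an attempt in progress by watching that count. The following added example (not part of this page or of Tiki itself) does two things: checks whether a reported Tiki version is below the fixed release 21.2, and walks a stream of login events for `tiki-login.php`, raising a warning well before the 50-failure reset and a critical alert at it. The event line format, the `WARN_THRESHOLD` value and the sample events are assumptions constructed for the demonstration.

```python
import re
from collections import defaultdict

# Failure count at which vulnerable Tiki versions (< 21.2) blank the admin password.
RESET_THRESHOLD = 50
# Earlier alert so the streak can be interrupted (assumed value, tune to taste).
WARN_THRESHOLD = 20

# Assumed event format; real Tiki or web-server logs will need their own parser.
LINE_RE = re.compile(
    r"ip=(?P<ip>\S+) user=(?P<user>\S+) script=(?P<script>\S+) result=(?P<result>\S+)"
)


def is_vulnerable(version: str) -> bool:
    """True when the Tiki version string is earlier than 21.2, the fixed release."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:2]]
    while len(parts) < 2:          # treat "21" as 21.0
        parts.append(0)
    return tuple(parts) < (21, 2)


def detect_streaks(lines):
    """Return (user, level, streak, ip) alerts for consecutive failed logins.

    Only events against tiki-login.php count; a successful login resets the
    streak for that user, mirroring the 'consecutive failures' condition.
    """
    streak = defaultdict(int)
    alerts = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["script"] != "tiki-login.php":
            continue
        user = m["user"]
        if m["result"] == "success":
            streak[user] = 0
            continue
        streak[user] += 1
        if streak[user] == WARN_THRESHOLD:
            alerts.append((user, "warn", streak[user], m["ip"]))
        elif streak[user] == RESET_THRESHOLD:
            alerts.append((user, "critical", streak[user], m["ip"]))
    return alerts


def build_sample(n_fail, user="admin", ip="203.0.113.5"):
    """Constructed sample events (not real Tiki output): n_fail failures in a row."""
    return [f"2020-10-01T12:00:{i % 60:02d}Z ip={ip} user={user} "
            f"script=tiki-login.php result=fail" for i in range(n_fail)]
```

Feeding real logs through `detect_streaks` only requires replacing `LINE_RE` with a pattern that matches the deployment's own login records.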