CVE-2020-15906 Scanner

CVE-2020-15906 Scanner - Authentication Bypass vulnerability in Tiki Wiki CMS GroupWare

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

27 days 1 hour

Scan only one

Domain, IPv4

Toolbox

-

Tiki Wiki CMS GroupWare is a free and open-source content management system (CMS) and groupware platform. It is designed to manage and collaborate on content, including wikis, blogs, forums, and calendars, all within a single web-based application. Tiki Wiki CMS is widely used by businesses, educational institutions, and communities for managing projects, knowledge sharing, and collaboration. The software includes a wide array of features such as file galleries, search functionality, and administrative tools. It has a user-friendly interface but requires secure configuration to avoid potential security risks. Vulnerabilities in Tiki can compromise the integrity of a system and provide unauthorized access to sensitive data.

CVE-2020-15906 refers to an authentication bypass vulnerability in Tiki Wiki CMS GroupWare before version 21.2. This vulnerability occurs due to improper handling of the admin password after a specified number of failed login attempts. Specifically, after 50 consecutive failed login attempts, the admin password is reset to a blank value, allowing attackers to bypass authentication mechanisms. This security flaw could potentially lead to unauthorized administrative access. As a result, any user attempting multiple incorrect logins could gain admin-level access without the proper credentials. This vulnerability is categorized as critical due to its potential to expose systems to serious security risks.

The vulnerability manifests in the `tiki-login.php` script. After 50 failed login attempts, the system incorrectly sets the admin password to a blank value, allowing attackers to gain access without authentication. This flaw affects all versions of Tiki Wiki CMS GroupWare prior to version 21.2. It can be triggered by brute force: a series of invalid login attempts is enough to reach the threshold. The problem is made worse by the absence of an account lockout mechanism or CAPTCHA after repeated failed attempts. Exploitation requires no authentication, since the system resets the password on its own once the fixed number of failed attempts is reached.

If successfully exploited, this vulnerability allows attackers to bypass authentication and gain administrative access to the affected Tiki Wiki CMS GroupWare installation. This could lead to the full compromise of the system, including unauthorized data access, modification of content, and potential administrative control over the entire system. Attackers could further use this access to deploy malware, exfiltrate sensitive data, or alter system settings. Since the vulnerability does not require user credentials, it poses a significant risk to all installations of affected versions of Tiki Wiki CMS GroupWare. Systems running vulnerable versions without adequate protection measures are at a high risk of exploitation.
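Because the flaw is triggered by a burst of login attempts against a single script, it leaves a clear trace in ordinary web server access logs. The following is an added defender-side example, not code from this page, from Tiki, or from the scanner vendor: it parses combined-format access log lines, counts POSTs to `tiki-login.php` per source address within a sliding window, flags sources approaching the 50-attempt threshold stated above, and checks whether a reported Tiki version falls before the fixed release 21.2. The log lines are constructed samples. Two assumptions are made: every POST to the login script is counted as an attempt (an access log does not reliably distinguish failed from successful logins, so a high count from one source is the signal), and the early-warning threshold of 20 is an arbitrary choice for this example.

```python
"""Detection helper for CVE-2020-15906 activity in web server access logs.

Added example (not from the page, Tiki, or the scanner vendor). Assumes
Apache/nginx combined log format and treats every POST to tiki-login.php
as a login attempt, since access logs do not reliably separate failed from
successful logins.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

RESET_THRESHOLD = 50      # from the CVE description: 50 failed attempts trigger the reset
WARN_THRESHOLD = 20       # assumed early-warning level for this example
FIXED_VERSION = (21, 2)   # first release that contains the fix

# Combined log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": m.group("path"), "status": int(m.group("status"))}


def login_attempts_by_source(lines, window=timedelta(hours=1)):
    """Peak number of POSTs to tiki-login.php per source IP inside any `window`."""
    stamps = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and \
                rec["path"].split("?")[0].endswith("/tiki-login.php"):
            stamps[rec["ip"]].append(rec["ts"])
    peaks = {}
    for ip, ts_list in stamps.items():
        ts_list.sort()
        best, start = 0, 0
        for end in range(len(ts_list)):          # two-pointer sliding window
            while ts_list[end] - ts_list[start] > window:
                start += 1
            best = max(best, end - start + 1)
        peaks[ip] = best
    return peaks


def classify(peaks):
    """Map each source to (attempt count, severity) against the thresholds."""
    findings = {}
    for ip, n in peaks.items():
        if n >= RESET_THRESHOLD:
            level = "critical"   # enough attempts to trigger the password reset
        elif n >= WARN_THRESHOLD:
            level = "warning"    # burst well beyond normal user behaviour
        else:
            level = "info"
        findings[ip] = (n, level)
    return findings


def is_affected_version(version):
    """True when a Tiki version string (e.g. '21.1', '20.3') is older than 21.2."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:2])
    parts = (parts + (0, 0))[:2]
    return parts < FIXED_VERSION


def constructed_sample_log():
    """Constructed sample lines (not real traffic): one normal login and a 22-POST burst."""
    base = datetime(2020, 10, 10, 12, 0, 0, tzinfo=timezone.utc)
    lines = [
        '198.51.100.4 - - [10/Oct/2020:11:59:30 +0000] "GET /tiki-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
        '198.51.100.4 - - [10/Oct/2020:11:59:45 +0000] "POST /tiki-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    ]
    for i in range(22):
        ts = (base + timedelta(seconds=15 * i)).strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append(f'203.0.113.7 - - [{ts}] "POST /tiki-login.php HTTP/1.1" 302 0 "-" "curl/7.68.0"')
    return lines


if __name__ == "__main__":
    for ip, (n, level) in classify(login_attempts_by_source(constructed_sample_log())).items():
        print(f"{ip}: {n} login POSTs in window -> {level}")
    for v in ("20.3", "21.1", "21.2"):
        print(f"Tiki {v} affected: {is_affected_version(v)}")
```

A source that reaches the "warning" level deserves a look well before the 50th attempt; blocking at the web server or reverse proxy is the quick mitigation while the upgrade to 21.2 or later is scheduled.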

References:
