Executive Summary

This vulnerability in IntelliChoice eFORCE Software Suite 2.5.9 allows attackers to enumerate valid usernames by exploiting the 'ctl00$MainContent$UserName' POST parameter. By sending requests with different usernames, attackers can determine which usernames are valid based on the system's responses.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can allow attackers to gather valid usernames, which can be used as a first step in further attacks such as password guessing, phishing, or social engineering, potentially leading to unauthorized access or data breaches.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by sending HTTP POST requests to the login endpoint (/eFORCECommand/Account/Login.aspx) with different usernames in the 'ctl00$MainContent$UserName' POST parameter and analyzing the server's response messages. For example, submitting a valid username with an incorrect password returns "Invalid password entered for username [username]." whereas a non-existent username returns "Unable to login: User name [username] is not registered." This discrepancy allows detection of valid usernames. Example commands would involve using tools like curl or Burp Suite to send POST requests and observe responses. For instance, using curl: curl -X POST -d "ctl00$MainContent$UserName=someuser&ctl00$MainContent$Password=wrongpass" https://target/eFORCECommand/Account/Login.aspx and checking the response message. [1, 3, 4]

Useful 0 Not Useful 0