CVE-2021-27514

Published: 22/02/2021 Updated: 26/02/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be leveraged for brute-force authentication bypass (such as in CVE-2021-27513 exploitation).

Vulnerable Product

eyesofnetwork eyesofnetwork 5.3-10

Github Repositories

(CVE-2021-27514) Authentication bypass with SessionID brute forcing

What software contains the vulnerability? The vulnerability is found in version 5310 of a program called EyesofNetwork.

What is the vulnerability? The program allows the sessionID to be brute-forced without an eventual timeout or cooldown to prevent excessive authentication attempts. To make brute-forcing ev

exploit-eyesofnetwork

Version 535 up to 5310

CVE-2021-27513 / CVE-2021-27514

#The brute-forcing can take a very long time on a non-production environment because "session_id" is created at every login (but every session_id generated by the app is valid)

#For the PoC I deployed an EyesOfNetwork solution and I've simulated a daily use with 300 logins (on product