Security Advisory: Knowage Password Disclosure

Posted by David Chadwick - 31 July, 2019

Knowage Password Disclosure

Release date: 29/07/2019

Last update: 29/07/2019

Vendor: Knowage-suite

Vendor site: https://www.knowage-suite.com/site/home/

Product: Knowage

Affected version(s): 6.1.1

Remediated version: 6.4

Severity Rating: Medium

Impact: Exposure of sensitive information

Attack vector: Remote with authentication

CVE: CVE-2019-13348

Details: Knowage before 6.4 exposes the account name and password for any data sources entered into the application.

The following is a proof of concept:

http://<HOST>/knowage/restful-services/2.0/datasources/

Recommendation: Update to the latest patch.

Discovered by: David Chadwick from Content Security Pty. Ltd.
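
To check whether the endpoint in the proof of concept was read before the upgrade to 6.4, the following added example (not part of the original advisory) scans web access logs for successful GET requests to that path. It assumes Apache/Tomcat "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path taken from the advisory's proof of concept (trailing slash dropped).
DATASOURCES_PATH = "/knowage/restful-services/2.0/datasources"

# Assumption: access logs use the Apache/Tomcat "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalise(target):
    """Drop the query string, percent-decode, strip ;params and extra slashes."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r";[^/]*", "", path)   # e.g. ;jsessionid=... path parameters
    path = re.sub(r"/{2,}", "/", path)   # collapse duplicate slashes
    return path.rstrip("/")

def datasource_reads(lines):
    """Return {client_ip: [(timestamp, response_size), ...]} for 200 GETs."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue
        if normalise(m["target"]) == DATASOURCES_PATH:
            size = 0 if m["size"] == "-" else int(m["size"])
            hits[m["ip"]].append((m["ts"], size))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [29/Jul/2019:10:01:02 +0000] "GET /knowage/restful-services/2.0/datasources/ HTTP/1.1" 200 1834 "-" "curl/7.64.0"',
    '203.0.113.7 - - [29/Jul/2019:10:01:09 +0000] "GET /knowage/restful-services/2.0/%64atasources;jsessionid=ABC?x=1 HTTP/1.1" 200 1834 "-" "curl/7.64.0"',
    '198.51.100.4 - - [29/Jul/2019:10:02:00 +0000] "GET /knowage/restful-services/2.0/datasources/ HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [29/Jul/2019:10:03:00 +0000] "GET /knowage/servlet/AdapterHTTP HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reads in datasource_reads(SAMPLE).items():
        print(ip, reads)
```

Any client listed for a period when an affected version was running is a reason to rotate the data source credentials stored in the application.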

