Bugtraq mailing list archives

WebArtFactory CMS Vulnerability


From: Noticias <noticias () scientechsecurity com>
Date: Tue, 16 Dec 2003 19:09:46 -0400 (VET)



Quick Summary:
************************************************************************
Product                 : WebArtFactory CMS.
Version                 : Several in-production old system versions.
Vendor                  : WebArtFactory - http://www.webartfactory.com
Class                   : Remote
Criticality             : High
Operating System(s)     : N/A.

Synopsis
************************************************************************
From the WebArtFactory webpage:
"We are a web and multimedia development company, formed by a 
group of young Venezuelans, who put at your disposal the highest 
level of professionalism and creativity, ready to achieve the 
success of your company and/or product through the use of the 
most up-to-date technological tools."

WebArtFactory CMS is a very popular Content Management System
among high-profile Venezuelan web sites: 
http://www.webartfactory.com/ns/portafolio.asp


Notice
************************************************************************
The very popular WebArtFactory CMS suffers from a vulnerability 
in the authentication mechanism for its management subsystem.
Due to the very high profile websites that use this CMS, Scientech 
de Venezuela has decided to release this advisory along with 
some urgent recommendations. Consequently, no specific details
about this vulnerability will be made public.


Vendor Status
************************************************************************
Scientech de Venezuela has contacted WebArtFactory, who has acknowledged 
the problem and is working to patch old versions of the software.


Basic Explanation
************************************************************************
Incorrect handling of authentication credentials in the management
subsystem allows for unauthorized access to all management webpages. 
During routine tests, Scientech de Venezuela has determined that it is 
possible to gain total management control in a hostile manner of a site 
using only information publicly available. It is recommended that “work 
around” measures be taken immediately while waiting for vendor patches.


Proof Of Concept Status
************************************************************************
No proof of concept will be released until a patch is available from the vendor.


Work Around
************************************************************************
Remove all CMS' management webpages. You will have to edit your site
offline and upload new versions.

Alternatively, enforce additional authentication mechanisms on your
management webpages (digital certificates, webserver based authentication
mechanisms, etc).

Corrective Measures
************************************************************************
Correct authentication credentials checking in all management
webpages.


Credits
************************************************************************
This vulnerability was discovered by Jose Torres and Ruben Recabarren
at Scientech's Security Research Laboratory.


Disclaimer
----------------------------------------------------------------------
This advisory was released by Scientech de Venezuela as a matter
of notification to help administrators protect their networks against
the described vulnerability. Exploit source code is no longer released
in our advisories but can be obtained under contract. Contact our sales 
department at info () scientechsecurity com for further information on how 
to obtain proof of concept code.

----------------------------------------------------------------------
Scientech de Venezuela. http://www.scientechsecurity.com

