La nuova immagine di TIM
Una nuova immagine con uno stile dinamico, colori moderni e persone che occupano quasi interamente la scena. Scopri di più
Presentazione dei Risultati H1 2025
Vai alla pagina
La Sostenibilità per TIM
Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci
Ultimi Comunicati Stampa
Leggi gli ultimi comunicati stampa e naviga nell'archivio dell'Ufficio Stampa del Gruppo TIM. Leggi i comunicati
Vulnerability Description: Observable Response Discrepancy – CWE-204
Software Version: ≤v031
NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-45177
CVSv3: 7.5
Severity: High
Credits: Luca Borzacchiello, Andrea Carlo Maria Dattola, Massimiliano Ferraresi, Massimiliano Brolli
The Web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
Step-by-step instructions and PoC
An attacker, without authentication, through Collaboration vDesk, is able to understand the state of the server and the users inside through the "User Enumeration" vulnerability.
Affected Endpoints
· https://vdeskbridge.[REDACTED]/api/v1/vdeskintegration/user/isenableuser
· https://vdeskbridge.[REDACTED]/api/v1/sharedsearch?search=[NAME]+[SURNAME]
· https://vdesk.[REDACTED]/login
Below is the evidence with details of the vulnerability and the payloads used.
Payload used to exploit the vulnerability:
Figure 1 - Payload used to exploit the user enumeration vulnerability. By Iterating the username parameter, it is possible to verify, without any authentication, whether the user exists and can log in within the Collaboration vDesk system.
Figure 2 - Pair of HTTP requests and responses showing how the user "secictma" exists
Figure 3 - Figure demonstrating the existence of the user "secictma2"
Security Impact
A user can gain access to confidential information such as the presence of all users on the system by facilitating the password bruteforce phase or by exploiting other vulnerabilities such as "Multiple Broken Access Control".