CentOS Control Web Panel (CWP) version 0.9.8.848 suffers from a user enumeration vulnerability.
4d690cefefbcb68edc18c7fc5d83e5caExploit Title : CWP (CentOS Control Web Panel) User enumerate through HTTP response time
Date : 15 Jul 2019
Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak
Vendor Homepage : https://control-webpanel.com/
Software Link : Not available, user panel only available for lastest version
Version : 0.9.8.848
Tested on : CentOS 7.6.1810 (Core) FireFox 68.0.1 (64-bit)
CVE-Number : CVE-2019-13599
Reference : https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13599.md
# Description
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times
# PoC
1. Login with valid user and invalid password, the server response time is about 250ms
2. Login with an invalid user and invalid password, the server response time is about 180ms
*The response time are also depend on the network speed. but however, when we log in with valid and invalid username, the response time will be different