Vulnerabilities > CVE-2013-7033 - Cryptographic Issues vulnerability in Livezilla

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

livezilla

CWE-310

nessus

NVD

Published: 2014-05-19

Updated: 2014-05-20

Summary

LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.

Vulnerable Configurations

Part	Description	Count
Application	Livezilla Livezilla Livezilla 5.0.1.0 Livezilla Livezilla 5.0.1.1 Livezilla Livezilla 5.0.1.2 Livezilla Livezilla 5.0.1.3 Livezilla Livezilla 5.0.1.4 Livezilla Livezilla 5.1.0.0 Livezilla Livezilla 5.1.1.0 Livezilla Livezilla 3.1.8.3 Livezilla Livezilla 3.2.0.2 Livezilla Livezilla 4.0.1.0 Livezilla Livezilla 4.0.1.1 Livezilla Livezilla 4.0.1.2 Livezilla Livezilla 4.1.0.3 Livezilla Livezilla 4.1.0.4 Livezilla Livezilla 4.2.0.4 Livezilla Livezilla 4.2.0.5 Livezilla Livezilla 5.1.2.0	17

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family	CGI abuses
NASL id	LIVEZILLA_5_1_2_1.NASL
description	The version of LiveZilla hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by multiple cross-site scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input. Note that CVE-2013-7003 was reportedly fixed in version 5.1.2.0. (CVE-2013-7003, CVE-2013-7032) - The application insecurely stores credentials that are accessible via JavaScript. An attacker can gain access to these credentials by exploiting a cross-site scripting vulnerability. Note that the vendor update partially fixes the issue by storing the credentials as MD5 hashes. (CVE-2013-7033) - The application is affected by a PHP object injection vulnerability because it fails to properly sanitize user-supplied input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	71522
published	2013-12-18
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/71522
title	LiveZilla < 5.1.2.1 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(71522); script_version("1.6"); script_cvs_date("Date: 2019/11/27"); script_cve_id( "CVE-2013-7003", "CVE-2013-7032", "CVE-2013-7033", "CVE-2013-7034" ); script_bugtraq_id( 64202, 64376, 64378, 64383 ); script_name(english:"LiveZilla < 5.1.2.1 Multiple Vulnerabilities"); script_summary(english:"Checks the version of LiveZilla."); script_set_attribute(attribute:"synopsis", value: "The remote web server contains a PHP application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of LiveZilla hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by multiple cross-site scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input. Note that CVE-2013-7003 was reportedly fixed in version 5.1.2.0. (CVE-2013-7003, CVE-2013-7032) - The application insecurely stores credentials that are accessible via JavaScript. An attacker can gain access to these credentials by exploiting a cross-site scripting vulnerability. Note that the vendor update partially fixes the issue by storing the credentials as MD5 hashes. (CVE-2013-7033) - The application is affected by a PHP object injection vulnerability because it fails to properly sanitize user-supplied input to the 'setCookieValue()' function of the '_lib/functions.global.inc.php' script. (CVE-2013-7034)"); # http://zoczus.blogspot.com/2013/12/en-livezilla-multiple-vulnerabilities.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?86f60d46"); script_set_attribute(attribute:"see_also", value:"http://www.livezilla.net/board/index.php?/topic/163-livezilla-changelog/"); script_set_attribute(attribute:"solution", value: "Upgrade to LiveZilla version 5.1.2.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-7034"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/10"); script_set_attribute(attribute:"patch_publication_date", value:"2013/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/18"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:livezilla:livezilla"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("livezilla_detect.nbin"); script_require_keys("installed_sw/LiveZilla", "www/PHP"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("install_func.inc"); port = get_http_port(default:80, php:TRUE); appname = "LiveZilla"; install = get_single_install(app_name:appname, port:port, exit_if_unknown_ver:TRUE); path = install["path"]; version = install["version"]; install_url = build_url(port:port, qs:path); fix = '5.1.2.1'; ver = split(version, sep:".", keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); if ( ver[0] < 5 \|\| (ver[0] == 5 && ver[1] < 1) \|\| (ver[0] == 5 && ver[1] == 1 && ver[2] < 2) \|\| (ver[0] == 5 && ver[1] == 1 && ver[2] == 2 && ver[3] < 1) ) { set_kb_item(name:'www/'+port+'/XSS', value:TRUE); if (report_verbosity > 0) { report = '\n URL : ' + install_url + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_hole(port:port, extra:report); } else security_hole(port); } else audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_url, version);

Packetstorm

data source	https://packetstormsecurity.com/files/download/124444/livezilla-insecure.txt
id	PACKETSTORM:124444
last seen	2016-12-05
published	2013-12-16
reporter	Jakub Zoczek
source	https://packetstormsecurity.com/files/124444/LiveZilla-5.1.2.0-Insecure-Password-Storage.html
title	LiveZilla 5.1.2.0 Insecure Password Storage

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Packetstorm

References