Researchers at RIPS Technologies discovered a serious vulnerability (CVE-2017-14596) in the Joomla content management system. The problem occurs when LDAP is used for authentication and affects versions from 1.5 to 3. LDAP is implemented in Joomla through the "native" authentication plug-in, which can be activated in the plug-in manager.
Analysis of the Joomla authorization page with the LDAP plug-in enabled showed insufficient input validation. As a result, an attacker can guess the credentials character by character.
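As an added illustration of the missing input validation (not code from Joomla or RIPS Technologies): a username is escaped per RFC 4515 before it is placed in an LDAP search filter, and login logs are checked for filter metacharacters. The `uid=[search]` filter template, the log format and the sample lines are constructed assumptions.

```python
import re

# RFC 4515, section 3: inside a filter assertion value these characters
# must be written as a backslash followed by two hex digits.
_FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape one user-supplied value for use inside an LDAP search filter."""
    # Per-character mapping, so an already escaped backslash is never escaped twice.
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)

def build_user_filter(template: str, username: str) -> str:
    """Fill a filter template (assumed form: 'uid=[search]') with an escaped username."""
    return "(" + template.replace("[search]", escape_filter_value(username)) + ")"

# Detection side: usernames that carry filter metacharacters are rarely legitimate.
_META = re.compile(r"[*()\\\x00]")
_LOG_LINE = re.compile(r'src=(\S+) user="([^"]*)"')

def flag_login_attempts(log_lines):
    """Return (source, username) pairs whose username contains filter metacharacters."""
    flagged = []
    for line in log_lines:
        match = _LOG_LINE.search(line)
        if match and _META.search(match.group(2)):
            flagged.append((match.group(1), match.group(2)))
    return flagged

# Constructed sample log lines (hypothetical format, documentation IP ranges).
SAMPLE_LOG = [
    '2017-09-20T10:00:01Z login_failed src=198.51.100.4 user="jdoe"',
    '2017-09-20T10:00:02Z login_failed src=203.0.113.7 user="j*"',
    '2017-09-20T10:00:03Z login_failed src=203.0.113.7 user="smith)("',
]

if __name__ == "__main__":
    for name in ("jdoe", "j*", "smith)("):
        print(name, "->", build_user_filter("uid=[search]", name))
    print(flag_login_attempts(SAMPLE_LOG))
```

With escaping in place the directory compares the submitted characters literally, so the metacharacters no longer change the meaning of the filter.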
"By exploiting the vulnerability in the authorization page, a remote, unauthorized attacker can successfully obtain all the credentials of the LDAP server used in Joomla installations. This includes the username and password of the superuser, administrator of Joomla," the researchers explained.
According to experts, an attacker can use the stolen data to log in to the control panel and gain control over the Joomla installation (and potentially over the web server) by uploading customized Joomla extensions for remote code execution.
The researchers published PoC code for exploiting the vulnerability, a video demonstrating the attack, and technical information about the problem. According to experts, exploiting the vulnerability also requires bypassing a filter, but details on how to do so were not disclosed.
The vendor learned about the problem on July 27 this year, but released the Joomla 3.8 update only this week. RIPS Technologies classifies the vulnerability as critical, while the vendor rates it as medium severity.
LDAP (Lightweight Directory Access Protocol) is an application-layer protocol for accessing the X.500 directory service. The protocol was developed by the Internet Engineering Task Force (IETF) as a lightweight version of the DAP protocol. LDAP is a relatively simple protocol that runs over TCP/IP and supports bind, search, and compare operations, as well as adding, modifying, and deleting records.