Share
Exploit Title : CWP (CentOS Control Web Panel) User enumerate through HTTP response time  
Date : 15 Jul 2019  
Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak  
Vendor Homepage : https://control-webpanel.com/  
Software Link : Not available, user panel only available for lastest version  
Version : 0.9.8.848  
Tested on : CentOS 7.6.1810 (Core) FireFox 68.0.1 (64-bit)  
CVE-Number : CVE-2019-13599  
Reference : https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13599.md  
  
  
# Description  
  
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times  
  
  
# PoC  
  
1. Login with valid user and invalid password, the server response time is about 250ms  
2. Login with an invalid user and invalid password, the server response time is about 180ms  
  
*The response time are also depend on the network speed. but however, when we log in with valid and invalid username, the response time will be different