Vigil@nce - Akeeba Backup for WordPress and Joomla: information disclosure

August 2014 by Vigil@nce

This bulletin was written by Vigil@nce: http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can send many backup access requests to Akeeba
Backup in order to retrieve the authentication secret.

Impacted products: Joomla Extensions, WordPress Plugins

Severity: 1/4

Creation date: 21/08/2014

DESCRIPTION OF THE VULNERABILITY

The Akeeba Backup product offers a JSON-based web service.

This service may be used to access backups and requires a
successful authentication. However, some details in the server
response provide information about the result of an internal
decryption that is part of the authentication. An attacker can
retrieve the first byte of the authentication secret without being
forced to retrieve a whole AES block. One may assume that the
following bytes may be retrieved in the same way from the previous
ones.

An attacker can therefore send many backup access requests to
Akeeba Backup in order to retrieve the authentication secret.
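
The root cause described above is a response that differs depending on which internal step failed. The following is an added illustration, not Akeeba Backup's code and not part of the bulletin: it contrasts a handler with per-stage errors with one that checks a MAC before decrypting and returns a single failure answer. The handler names, the "challenge" field, the status codes and the toy cipher are assumptions made for the example.

```python
import hashlib
import hmac
import json

FAIL = {"status": 401, "error": "authentication failed"}  # the only failure answer

def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    """Stand-in for the real cipher (NOT secure); the stdlib has no AES."""
    if len(blob) % 16:
        raise ValueError("bad block length")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(blob))

def leaky_handler(key: bytes, blob: bytes, tag: bytes) -> dict:
    """Anti-pattern: every internal stage has its own visible error."""
    try:
        plain = toy_decrypt(key, blob)
    except ValueError:
        return {"status": 400, "error": "decryption failed"}
    try:
        msg = json.loads(plain)
    except ValueError:
        return {"status": 400, "error": "invalid JSON after decryption"}
    if not isinstance(msg, dict) or msg.get("challenge") != "ok":
        return {"status": 401, "error": "wrong challenge"}
    return {"status": 200, "data": "backup list"}

def hardened_handler(key: bytes, blob: bytes, tag: bytes) -> dict:
    """MAC is verified before any decryption; all failures look identical."""
    expected = hmac.new(key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return dict(FAIL)
    try:
        msg = json.loads(toy_decrypt(key, blob))
    except ValueError:
        return dict(FAIL)
    if not isinstance(msg, dict) or msg.get("challenge") != "ok":
        return dict(FAIL)
    return {"status": 200, "data": "backup list"}

def seal(key: bytes, message: dict):  # builds a constructed, correctly MACed request
    raw = json.dumps(message).encode()
    blob = toy_decrypt(key, raw + b" " * (-len(raw) % 16))  # XOR is its own inverse
    return blob, hmac.new(key, blob, hashlib.sha256).digest()

def distinct_failures(handler, key: bytes) -> int:
    """Count distinct answers to three constructed bad requests (goal: 1)."""
    probes = [(b"\0" * 15, b"\0" * 32), (b"\0" * 16, b"\0" * 32),
              seal(key, {"challenge": "no"})]
    return len({json.dumps(handler(key, b, t), sort_keys=True) for b, t in probes})
```

`distinct_failures` can serve as a regression test: any value above 1 means a client can tell internal failure stages apart from the response alone.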

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Akeeba-Backup-for-WordPress-and-Joomla-information-disclosure-15219

