Another day, another few CVEs!
I was working with the same friend (Tyler Fryxell) from CVE-2022-34009, which I posted about HERE.
We were testing another open source project called Renato! It can be found HERE
Although we didn’t spend too much time, we ran into a few issues affecting Renato version 0.17.0.
The simplest was the password policy. We found (obviously) quickly that the default password was “password”, which is extremely weak against dictionary attacks! We also found that there were no password requirements when replacing this password, so with passwords like “p” allowed, it makes brute force attacks trivial. This ended up being CVE-2022-35143.
Lastly, we found a Denial of Service (DoS), which in my opinion was the most interesting! This DoS affected the “Search” GET parameter and caused the application to crash by just searching for a specific payload. The best part was that unauthenticated attackers can exploit this vulnerability! This ended up being CVE-2022-35142.
As you can see, nothing special, but the basics are still useful!
Anyway, I reached out to the developers HERE (especially Ryan Lelek), who were more than helpful and professional.
They published a fix HERE and gave me credit which I’m super grateful for!
Renato version 0.17.1 was released HERE and they gave me credit again which I’m even more super grateful for!
Perhaps I’ll have to go back to confirm their fixes!
Until next time!