CVE-2014-3445

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to bypass authentication in HandsomeWeb SOS Webpages by using the administrator password hash instead of the cleartext password. Attackers can access backup.php without knowing the actual password, potentially gaining administrative control. All users of SOS Webpages before version 1.1.12 are affected.

💻 Affected Systems

Products:
  • HandsomeWeb SOS Webpages
Versions: All versions before 1.1.12
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires backup.php to be accessible and attacker to have obtained the administrator password hash.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the web application with administrative privileges, allowing data theft, defacement, or installation of backdoors.

🟠 Likely Case: Unauthorized access to sensitive backup files and administrative functions, potentially leading to data exposure.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls preventing external exploitation.

🌐 Internet-Facing: HIGH - The backup.php endpoint is typically accessible remotely, making exploitation straightforward.
🏢 Internal Only: MEDIUM - Internal attackers with access to password hashes could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires obtaining the administrator password hash first, which may be available through other vulnerabilities or leaks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.12

Vendor Advisory: http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/

Restart Required: No

Instructions:

1. Download version 1.1.12 from the vendor site.
2. Replace all existing files with the new version.
3. Verify backup.php now requires cleartext password authentication.

🔧 Temporary Workarounds

Restrict access to backup.php

Platform: all

Block external access to the vulnerable backup.php file using web server configuration.

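# Apache 2.2 (or 2.4 with mod_access_compat): add to .htaccess
# On Apache 2.4 without mod_access_compat, replace the Order/Deny
# lines with: Require all denied
<Files "backup.php">
    Order Deny,Allow
    Deny from all
</Files>

# Nginx: add to server block
location ~ /backup\.php$ {
    deny all;
}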

Remove backup.php file

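Platform: linux

Delete or rename the vulnerable backup.php file if backup functionality is not required.

# Run ONE of the following from the application's web root.
# Option 1: delete the file
rm backup.php
# Option 2: rename it so the web server no longer executes it as PHP
mv backup.php backup.php.disabled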

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the web application.
  • Monitor authentication logs for suspicious access attempts to backup.php.

🔍 How to Verify

Check if Vulnerable:

Check if backup.php accepts password hash instead of cleartext password by attempting authentication with a known hash.

Check Version:

Check the version number in the application's configuration files or admin interface.

Verify Fix Applied:

Verify that backup.php now rejects authentication attempts using password hashes and requires cleartext passwords.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts to backup.php with unusual parameters
  • Successful access to backup.php without corresponding cleartext password authentication

Network Indicators:

  • HTTP requests to /backup.php with hash parameters in POST data

SIEM Query:

web.url="*/backup.php" AND (http.method=POST OR http.method=GET) AND (web.query="hash=*" OR http.post_data="hash=*")
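The log indicators above can also be checked offline against a web server access log. The following is an added example, not part of the original advisory or the vendor's code; it assumes the Apache/Nginx "combined" log format, takes the `hash` parameter name from the SIEM query above, and treats 32/40/64-character hex strings as digest-shaped because the page does not name the hash algorithm. The sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2014:10:01:02 +0000] "GET /backup.php?hash=0123456789abcdef0123456789abcdef HTTP/1.1" 200 5120 "-" "curl/7.30"
198.51.100.4 - - [12/May/2014:10:02:10 +0000] "POST /backup.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.10 - - [12/May/2014:10:03:44 +0000] "GET /index.php?page=home HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.4 - - [12/May/2014:10:05:00 +0000] "POST /sos/backup.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Captures: client IP, timestamp, method, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: digest-shaped means a hex string of MD5/SHA-1/SHA-256 length.
HEX_DIGEST = re.compile(r'^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$')


def scan_backup_access(log_text, trusted_ips=frozenset()):
    """Return one finding per backup.php request that matches an indicator."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, ts, method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/backup.php"):
            continue
        reasons = []
        # A digest where a password is expected is the signature of this flaw.
        if any(HEX_DIGEST.match(v) for _, v in parse_qsl(url.query)):
            reasons.append("digest-shaped parameter value")
        if status.startswith("2") and ip not in trusted_ips:
            reasons.append("successful access from untrusted source")
        if status in ("401", "403"):
            reasons.append("denied attempt")
        if reasons:
            findings.append((ip, ts, method, url.path, int(status), reasons))
    return findings


if __name__ == "__main__":
    for finding in scan_backup_access(SAMPLE_LOG, trusted_ips={"192.0.2.10"}):
        print(finding)
```

Access logs do not record POST bodies, so the digest check only sees query-string values; the source and status checks still apply to POST requests.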
