CVE-2018-9160

9.8 CRITICAL

📋 TL;DR

SickRage versions before 2018.03.09-1 expose user credentials in cleartext within HTTP responses, allowing attackers to intercept authentication data. This affects all SickRage users running vulnerable versions, particularly those with internet-facing instances.

💻 Affected Systems

Products:
  • SickRage
Versions: All versions before 2018.03.09-1
Operating Systems: All platforms running SickRage
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all SickRage installations regardless of configuration.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Full credential compromise leading to unauthorized access, data theft, and potential system takeover if credentials are reused elsewhere.

🟠

Likely Case

Credential harvesting by attackers scanning for vulnerable instances, resulting in unauthorized SickRage access and potential media library manipulation.

🟢

If Mitigated

Limited impact with proper network segmentation and credential isolation, though credentials remain exposed in transit.

🌐 Internet-Facing: HIGH - Internet-facing instances expose credentials to any network observer without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could intercept credentials on local networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only network access to intercept HTTP traffic; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2018.03.09-1 and later

Vendor Advisory: https://github.com/SickRage/sickrage.github.io/blob/master/sickrage-news/CHANGES.md

Restart Required: Yes

Instructions:

1. Update SickRage to version 2018.03.09-1 or later.
2. Restart the SickRage service.
3. Verify credentials are no longer exposed in HTTP responses.

🔧 Temporary Workarounds

Network Isolation

Platform: linux

Restrict SickRage access to trusted networks only using firewall rules (replace TRUSTED_IP with the trusted address or CIDR; the ACCEPT rule must be inserted before the DROP rule).

iptables -A INPUT -p tcp --dport 8081 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 8081 -j DROP

Reverse Proxy with SSL

Platform: all

Place SickRage behind a reverse proxy with SSL/TLS encryption to protect credentials in transit.

🧯 If You Can't Patch

  • Isolate SickRage to internal network segments only
  • Use unique credentials not shared with other systems

🔍 How to Verify

Check if Vulnerable:

Intercept HTTP traffic to SickRage port (default 8081) and check if credentials appear in cleartext in responses.

Check Version:

Check SickRage web interface settings or run: grep -i version /path/to/sickrage/config.ini

Verify Fix Applied:

After update, verify credentials no longer appear in HTTP responses using traffic inspection tools.
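One way to automate the check above, as an added example that is not code from this page or from the SickRage project: the function scans a captured HTTP response body (JSON or HTML) for credential fields that are returned with a value, so a clean result after the update means the response no longer carries credentials. The sample responses and the field names web_username/web_password are constructed assumptions, not SickRage's actual response format.

```python
import json
import re
from html.parser import HTMLParser

SECRET_KEYS = re.compile(r"pass(word)?|secret|api_?key", re.I)  # never echo these

class _InputScanner(HTMLParser):
    """Collects <input> elements that look secret and are pre-filled with a value."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        name = a.get("name") or a.get("id") or ""
        if a.get("value") and (a.get("type") == "password" or SECRET_KEYS.search(name)):
            self.findings.append(("html", name))

def _walk_json(node, found, path=""):
    """Records every nested JSON key matching SECRET_KEYS that carries a non-empty string."""
    if isinstance(node, dict):
        for k, v in node.items():
            if isinstance(v, str) and v and SECRET_KEYS.search(k):
                found.append(("json", path + k))
            _walk_json(v, found, path + k + ".")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            _walk_json(v, found, f"{path}{i}.")
    return found

def find_exposed_credentials(body):
    """Return (kind, field) pairs for credential-bearing fields in one HTTP response body.
    JSON bodies are walked recursively; anything else is scanned as HTML. [] means clean."""
    body = body.strip()
    if body.startswith(("{", "[")):
        try:
            return _walk_json(json.loads(body), [])
        except json.JSONDecodeError:
            pass  # not JSON after all; fall through to the HTML scan
    scanner = _InputScanner()
    scanner.feed(body)
    return scanner.findings

# Constructed sample responses (not captured from a real SickRage instance).
LEAKY_HTML = ('<form><input type="text" name="web_username" value="admin">'
              '<input type="password" name="web_password" value="hunter2"></form>')
FIXED_HTML = LEAKY_HTML.replace('value="hunter2"', 'value=""')
LEAKY_JSON = '{"data": {"web_username": "admin", "web_password": "hunter2"}}'
```

Feed it the bodies of the settings and API responses captured from your own instance before and after the update; any non-empty result is a field that still needs attention.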

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts
  • Multiple failed login attempts from new IPs

Network Indicators:

  • Cleartext credential strings in HTTP traffic to SickRage port

SIEM Query:

source="*sickrage*" AND (http_response="*password*" OR http_response="*username*")
