CVE-2023-3173

9.8 CRITICAL

📋 TL;DR

CVE-2023-3173 is an authentication brute-force vulnerability in the froxlor web hosting control panel. Attackers can bypass rate limiting to perform unlimited login attempts, potentially compromising admin accounts. All froxlor installations prior to version 2.0.20 are affected.

💻 Affected Systems

Products:
  • froxlor
Versions: All versions prior to 2.0.20
Operating Systems: Any OS running froxlor
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through admin account takeover, leading to data theft, service disruption, or lateral movement to underlying infrastructure.

🟠 Likely Case: Unauthorized access to the froxlor admin panel, allowing configuration changes, user account manipulation, and potential privilege escalation.

🟢 If Mitigated: Failed login attempts are logged but no successful compromise occurs, thanks to strong passwords and network controls.

🌐 Internet-Facing: HIGH - Web control panels are typically internet-facing and directly accessible.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit if they have network access to the froxlor instance.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST requests to the login endpoint with different credentials. No authentication is required to attempt exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.20

Vendor Advisory: https://github.com/froxlor/froxlor/commit/464216072456efb35b4541c58e7016463dfbd9a6

Restart Required: No

Instructions:

1. Backup the current froxlor installation and database.
2. Download froxlor 2.0.20 or newer from the official repository.
3. Replace the existing files with the new version.
4. Run the database update if prompted.
5. Verify login functionality.

🔧 Temporary Workarounds

Web Application Firewall Rate Limiting

Platform: linux

Implement rate limiting at WAF or reverse proxy level to restrict login attempts.

# Example nginx rate limiting: limit_req_zone belongs in the http {} block,
# the location block in the server {} that serves froxlor
limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;
location /login {
    # up to 10 excess requests pass immediately, anything beyond is rejected with 503
    limit_req zone=login burst=10 nodelay;
}

IP-based Access Restriction

Platform: all

Restrict access to froxlor admin interface to trusted IP ranges only.

# Apache example (2.2 syntax; on Apache 2.4 this needs mod_access_compat,
# or use the 2.4 form instead: Require ip 192.168.1.0/24)
Order Deny,Allow
Deny from all
Allow from 192.168.1.0/24
# Nginx example (inside the server or location block that serves froxlor)
allow 192.168.1.0/24;
deny all;

🧯 If You Can't Patch

  • Implement network-level rate limiting using firewall rules or WAF
  • Enforce strong password policies and enable multi-factor authentication if available

🔍 How to Verify

Check if Vulnerable:

Check the froxlor version in the admin panel or via the command: grep 'version' /var/www/froxlor/lib/version.php

Check Version:

grep "\$version" /var/www/froxlor/lib/version.php | cut -d"'" -f2

Verify Fix Applied:

Verify that the version is 2.0.20 or higher, and test that login rate limiting works by attempting multiple failed logins.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts from same IP in short timeframe
  • Successful login after many failed attempts from same source

Network Indicators:

  • High volume of POST requests to /login endpoint
  • Unusual login patterns outside business hours

SIEM Query:

source="froxlor.log" ("login failed" OR "authentication failure") | stats count by src_ip | where count > 10
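A sliding-window version of the two log indicators and the SIEM query above, as an added example that is not part of this advisory or the froxlor project. The page does not document froxlor's log format, so the line layout, LOG_RE and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real froxlor output): a burst of 12 failures
# from one source followed by a success, plus a benign source and a junk line.
SAMPLE_LOG = [f"2023-06-09T10:00:{i:02d} 203.0.113.7 login failed user=admin"
              for i in range(12)]
SAMPLE_LOG += [
    "2023-06-09T10:00:30 203.0.113.7 login successful user=admin",
    "2023-06-09T10:05:00 198.51.100.4 login failed user=bob",
    "2023-06-09T10:05:40 198.51.100.4 login successful user=bob",
    "garbage line that does not match",
]

# Assumed layout "<iso timestamp> <src ip> login failed|successful user=<name>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) login (?P<outcome>failed|successful) user=\S+$")


def parse(lines):
    """Yield (timestamp, ip, outcome) for lines matching LOG_RE; skip others."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["ip"], m["outcome"]


def detect(lines, max_failures=10, window=timedelta(minutes=5)):
    """Return {ip: {"failures": n, "success_after_failures": bool}} for every
    source with more than max_failures failed logins inside `window`; the flag
    marks a success that followed such a burst (the likelier compromise)."""
    recent = defaultdict(list)   # ip -> failure timestamps still inside window
    alerts = {}
    for ts, ip, outcome in sorted(parse(lines)):
        recent[ip] = [t for t in recent[ip] if ts - t <= window]
        if outcome == "failed":
            recent[ip].append(ts)
            if len(recent[ip]) > max_failures:
                alerts.setdefault(ip, {"success_after_failures": False})
                alerts[ip]["failures"] = len(recent[ip])
        elif ip in alerts and len(recent[ip]) > max_failures:
            alerts[ip]["success_after_failures"] = True
    return alerts


if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG).items():
        print(ip, info)
```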
