CVE-2023-40834

9.8 CRITICAL

📋 TL;DR

OpenCart CMS v4.0.2.2 lacks rate limiting on its login page, allowing unauthenticated attackers to perform brute force attacks against administrator passwords. This vulnerability affects all OpenCart installations running the vulnerable version, potentially compromising the entire e-commerce platform.

💻 Affected Systems

Products:
  • OpenCart CMS
Versions: 4.0.2.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects OpenCart installations whose administrator login page is reachable. Default installations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete administrative takeover leading to data theft, defacement, malware injection, and full control over the e-commerce store, including customer data and payment systems.

🟠 Likely Case

Administrative account compromise allowing attackers to modify products, steal customer data, and potentially inject malicious code into the storefront.

🟢 If Mitigated

Failed login attempts are logged, but no compromise succeeds because rate limiting or a strong password policy holds.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple brute force tools can exploit this vulnerability without authentication. Public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.2.3 or later

Vendor Advisory: https://www.opencart.com/

Restart Required: No

Instructions:

1. Back up your OpenCart installation and database.
2. Download the latest OpenCart version from the official website.
3. Replace the vulnerable files with the patched versions.
4. Clear the cache and verify functionality.

🔧 Temporary Workarounds

Implement Web Application Firewall (WAF) (platform: all)

Configure WAF rules to limit login attempts from a single IP address.

Add Rate Limiting via Apache mod_evasive (platform: linux)

Implement IP-based rate limiting for login requests using Apache mod_evasive or similar. Note that mod_evasive counts requests per URI and per site rather than login failures, so the thresholds below also affect legitimate administrators who reload the login page rapidly.

# mod_evasive directives are server-config/virtual-host scope; Apache rejects
# them in .htaccess, so place this block in httpd.conf or the vhost file.
<IfModule mod_evasive20.c>
    # Per-child hash table size used to track clients
    DOSHashTableSize 3097
    # More than 2 requests for the same URI within 1 second counts as a hit
    DOSPageCount 2
    DOSPageInterval 1
    # More than 50 requests site-wide within 1 second counts as a hit
    DOSSiteCount 50
    DOSSiteInterval 1
    # Offending clients receive 403 for 10 seconds
    DOSBlockingPeriod 10
</IfModule>

🧯 If You Can't Patch

  • Implement strong password policies (16+ characters, complexity requirements)
  • Restrict access to admin login page via IP whitelisting or VPN

🔍 How to Verify

Check if Vulnerable:

Check the OpenCart version in the admin panel or in system/info.php. If the version is exactly 4.0.2.2, the installation is vulnerable.

Check Version:

Check the admin dashboard or view system/info.php in a browser.

Verify Fix Applied:

After patching, make several rapid login attempts from the same IP address. The system should block or delay further attempts once the threshold is reached.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts from same IP address
  • Unusual login patterns outside business hours

Network Indicators:

  • High volume of POST requests to /admin/index.php?route=common/login
  • Multiple authentication failures from single source

SIEM Query:

source="opencart_logs" action="login_failed" | stats count by src_ip | where count > 10
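As an added example that is not part of this advisory, the same check the SIEM query expresses, run directly over Apache access log lines: it counts POSTs to the admin login route per source IP inside a sliding window and reports sources over the threshold. The log lines, addresses and helper names are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache combined-log prefix: client IP, timestamp, request line, status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
LOGIN_PATH = "/admin/index.php?route=common/login"
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def login_posts_per_ip(lines, window_seconds=60, threshold=10):
    """Return {ip: peak POSTs to the admin login inside any window} for
    sources whose peak exceeds threshold. The status code is ignored on
    purpose: a failed OpenCart login is answered with HTTP 200 rather than
    401, so the volume of login POSTs per source is the usable signal."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> largest window count seen so far
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != LOGIN_PATH:
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}


def _line(ip, sec, method, path, status=200):
    """Build one constructed log line (sample data, not a real capture)."""
    return (f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512')


# Constructed sample: one source hits the login 12 times in 12 seconds,
# another logs in once and then browses the storefront.
SAMPLE_LOG = (
    [_line("203.0.113.7", s, "POST", LOGIN_PATH) for s in range(12)]
    + [_line("198.51.100.4", 5, "POST", LOGIN_PATH),
       _line("198.51.100.4", 30, "GET", "/index.php?route=common/home")]
)

if __name__ == "__main__":
    print(login_posts_per_ip(SAMPLE_LOG))   # {'203.0.113.7': 12}
```

Feed it the real access log of the host serving /admin to get the same per-source counts the SIEM query produces; the window and threshold arguments tune the sensitivity.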

🔗 References
