CVE-2024-5960
📋 TL;DR
CVE-2024-5960 is a plaintext credential storage vulnerability in Eliz Software Panel: passwords are written to the credential store unencrypted, so anyone who can read that storage location obtains them directly. It affects all Panel installations before version 2.3.24 and can expose administrative credentials to unauthorized users.
💻 Affected Systems
- Eliz Software Panel
📦 What is this software?
Panel by Elizsoftware
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through credential theft leading to administrative access, data exfiltration, and lateral movement within the network.
Likely Case
Unauthorized access to the Panel interface, configuration changes, and potential privilege escalation within the affected system.
If Mitigated
Limited impact if access to the credential store is restricted by file permissions and network segmentation, and reads of it are logged and monitored so that credential access attempts are detected.
🎯 Exploit Status
Exploitation requires read access to the credential storage location, which normally means some level of access to the host (a local account, a file-read primitive, or a backup copy). Once the storage location is known, exploitation is trivial: the credentials can be read as-is, with no cracking or decryption step.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.3.24
Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-24-1497
Restart Required: Yes
Instructions:
1. Back up the current configuration and data.
2. Download v2.3.24 from official Eliz Software sources.
3. Stop the Panel service.
4. Install the update following the vendor instructions.
5. Restart the Panel service.
6. Verify functionality.
🔧 Temporary Workarounds
Restrict File Access
(Linux) Apply strict file permissions so that only the Panel service account can read the credential storage files. The path and the panel:panel owner below are placeholders; substitute the Panel's actual credential store location and service account.
chmod 600 /path/to/panel/credential/files
chown panel:panel /path/to/panel/credential/files
Network Segmentation
(All platforms) Isolate Panel instances from untrusted networks and limit access to authorized IPs only.
🧯 If You Can't Patch
- Implement strict access controls and monitoring on credential storage locations
- Deploy application firewalls and network segmentation to limit exposure
🔍 How to Verify
Check if Vulnerable:
Read the Panel version from the administration interface or the configuration files. Versions below 2.3.24 are vulnerable; compare version numbers component by component, not as strings (as a string, "2.3.9" sorts after "2.3.24").
Check Version:
The version is shown in the Panel web interface and recorded in its configuration files.
Verify Fix Applied:
Confirm the version is 2.3.24 or higher. Also inspect the credential store itself and confirm the stored credentials are no longer in plaintext: an upgrade may leave entries written by the vulnerable version in place, so the version number alone is not proof that the data on disk is fixed.
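The verification steps above can be scripted. The following is an added example, not code from Eliz Software or from the advisory: it parses the version numerically (a plain string comparison puts 2.3.9 after 2.3.24), checks that a credential file is not group- or world-readable (the chmod 600 workaround), and scans a config file for password-like keys whose values are not recognisable hashes. The config key names, the hash prefixes treated as "already hashed", and the sample config are assumptions; the Panel's real file layout is not documented on this page.

```python
import os
import re
import stat
import tempfile

# Fixed release named in the advisory above.
FIXED_VERSION = (2, 3, 24)

# Prefixes of common password-hash formats (bcrypt, argon2, PBKDF2, sha-crypt,
# LDAP-style). A value starting with one of these is treated as already hashed.
HASH_PREFIXES = ("$2a$", "$2b$", "$2y$", "$argon2", "$pbkdf2", "$5$", "$6$", "{SHA}", "{SSHA}")

# Matches "key = value" / "key: value" lines whose key looks like a secret.
# Assumed layout: the Panel's real config format is not documented on this page.
SECRET_LINE_RE = re.compile(
    r"^\s*([\w.]*(?:pass(?:word)?|pwd|secret)[\w.]*)\s*[=:]\s*(.+?)\s*$", re.I
)
VERSION_LINE_RE = re.compile(r"^\s*[\w.]*version\s*[=:]\s*(\S+)", re.I | re.M)

# Constructed sample, not a real Panel configuration file.
SAMPLE_CONFIG = """\
# constructed sample, not a real Panel config
panel.version = 2.3.9
admin.user = admin
admin.password = Sup3rSecret!
db.password = $2b$12$C6UzMDM.H6dfI/f/IKcEeO7Wt6wqYl2M0xSr6K2nHCLTL9ITfBKy
api.secret = hunter2
"""


def parse_version(text):
    """'v2.3.24' -> (2, 3, 24). Tuples compare numerically; strings do not
    ('2.3.9' > '2.3.24' is True for strings)."""
    parts = re.findall(r"\d+", text.strip().lstrip("vV"))
    if not parts:
        raise ValueError(f"cannot parse version: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version):
    """True for any Panel version below the fixed release 2.3.24."""
    return parse_version(version) < FIXED_VERSION


def version_from_config(text):
    """Pull the version string out of a config file, or None if absent."""
    m = VERSION_LINE_RE.search(text)
    return m.group(1) if m else None


def find_plaintext_secrets(text):
    """Return (line_number, key) for each password-like key whose value is
    not in a recognised hash format; these are plaintext candidates to inspect."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = SECRET_LINE_RE.match(line)
        if not m:
            continue
        value = m.group(2).strip("\"'")
        if value and not value.startswith(HASH_PREFIXES):
            findings.append((n, m.group(1)))
    return findings


def group_or_world_readable(path):
    """True if the file mode grants read to group or others, i.e. it is
    looser than the 0600 the workaround above applies."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def demo_permission_check():
    """Run the permission check on a throwaway file: flagged at 0644, clean at 0600."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o644)
        before = group_or_world_readable(path)
        os.chmod(path, 0o600)
        after = group_or_world_readable(path)
    finally:
        os.remove(path)
    return before, after


if __name__ == "__main__":
    ver = version_from_config(SAMPLE_CONFIG)
    print(f"version {ver}: vulnerable={is_vulnerable(ver)}")
    for line_no, key in find_plaintext_secrets(SAMPLE_CONFIG):
        print(f"line {line_no}: {key} looks like a plaintext secret")
    print("permission check (0644, 0600):", demo_permission_check())
```

Run it against the real config and credential files by replacing SAMPLE_CONFIG with the file contents and calling group_or_world_readable on the store's path. The hash-prefix list is deliberately conservative: anything it does not recognise is reported for a human to look at, which errs on the side of a false positive rather than missing a plaintext entry.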
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to credential storage files
- Multiple failed login attempts to Panel interface
- Unusual administrative activity
Network Indicators:
- Unexpected connections to Panel administration ports
- Traffic patterns indicating credential harvesting
SIEM Query:
source="panel_logs" AND ((event="file_access" AND file_path="*credential*") OR (event="auth_failure" AND count>5))
In most SIEM query languages AND binds tighter than OR, so without the outer parentheses the auth_failure branch is not restricted to the Panel logs. The count>5 condition also has to come from an aggregation step (failures counted per source over a time window); as a flat filter it never matches unless your pipeline already carries a count field.
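The query above is a filter; the auth-failure branch only works once failures are counted per source over a time window. The following is an added example that is not part of the original page and not the Panel's own tooling: it implements both indicators in Python over a few constructed log lines, using a per-source sliding window for the failure count. The timestamp + key=value layout, the field names (event, src, file_path) and the addresses are assumptions; the page does not document the Panel's real log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a timestamp + key=value layout. The layout,
# field names and addresses are assumptions, not the Panel's real log format.
SAMPLE_LOGS = """\
2024-06-12T10:00:01Z event=auth_failure src=203.0.113.7 user=admin
2024-06-12T10:00:03Z event=auth_failure src=203.0.113.7 user=admin
2024-06-12T10:00:05Z event=auth_failure src=203.0.113.7 user=admin
2024-06-12T10:00:08Z event=auth_failure src=203.0.113.7 user=admin
2024-06-12T10:00:10Z event=auth_failure src=203.0.113.7 user=admin
2024-06-12T10:00:12Z event=auth_failure src=203.0.113.7 user=admin
2024-06-12T10:00:15Z event=auth_success src=203.0.113.7 user=admin
2024-06-12T10:01:00Z event=auth_failure src=198.51.100.9 user=ops
2024-06-12T10:02:30Z event=file_access src=198.51.100.9 user=www-data file_path=/opt/panel/etc/credentials.db
2024-06-12T10:03:00Z event=file_access src=10.0.0.5 user=panel file_path=/opt/panel/etc/panel.conf
2024-06-12T11:30:00Z event=auth_failure src=203.0.113.7 user=admin
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse one log line into a dict; returns None for lines that do not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = dict(KV_RE.findall(m.group("kv")))
    try:
        rec["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return rec


def detect(text, threshold=5, window=timedelta(minutes=10)):
    """Apply the two indicators from the SIEM query above:
    - any file_access whose path contains 'credential' (one alert per event)
    - more than `threshold` auth_failure events from one source inside `window`
      (one alert per source, raised when the count first crosses the threshold)
    Returns alerts as tuples in the order they fire."""
    alerts = []
    recent_failures = defaultdict(deque)   # src -> failure timestamps inside the window
    burst_reported = set()
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        event = rec.get("event")
        if event == "file_access" and "credential" in rec.get("file_path", "").lower():
            alerts.append(("credential_file_access", rec.get("src"), rec["file_path"]))
        elif event == "auth_failure":
            src = rec.get("src")
            q = recent_failures[src]
            q.append(rec["ts"])
            # Drop failures that have aged out of the window before counting.
            while q and rec["ts"] - q[0] > window:
                q.popleft()
            if len(q) > threshold and src not in burst_reported:
                burst_reported.add(src)
                alerts.append(("auth_failure_burst", src, len(q)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

In the sample, 203.0.113.7 produces six failures in eleven seconds and is reported once; its single failure an hour later falls outside the window and is not. The read of credentials.db by www-data fires on its own, while the read of panel.conf does not, which is the distinction the file_path="*credential*" clause is meant to draw.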