Detectify
Knowledge Base

Remote Administration Portal

Last Updated: Apr 21, 2017 08:46PM CEST

A remote administration interface has been found: a login page intended only for users with administrative privileges. Exposing it is not a vulnerability in itself, but it is unnecessary attack surface that can lead to one.

What can happen?

When such an interface is reachable by anyone on the internet, it invites attacks against the system: automated guessing of common passwords, injection attempts against the login fields, and similar probing.

In the worst case the attacker bypasses the login, but even if that never happens, the sheer volume of attempts can become a performance problem. An attacker who does manage to log in can do everything a real administrator can, which is a serious compromise.
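The attack pattern described above (a burst of failed logins against the admin panel, possibly followed by a success) is easy to spot in ordinary web server access logs. The following is an added example, not part of the Detectify article: it parses a few constructed Common Log Format lines and flags any source IP that exceeds a threshold of failed POSTs to an admin login path inside a sliding window. The admin path prefixes, the window, the threshold and the sample log lines are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)

# Assumed admin login locations; adjust to the application being monitored.
ADMIN_PATHS = ("/admin", "/administrator", "/wp-login.php")

# Constructed sample traffic (not real log data): one host hammers the login
# and finally gets a redirect (302), another host logs in normally.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Apr/2017:18:00:01 +0200] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [21/Apr/2017:18:00:02 +0200] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [21/Apr/2017:18:00:03 +0200] "POST /admin/login HTTP/1.1" 401 512
198.51.100.4 - - [21/Apr/2017:18:00:04 +0200] "GET /index.html HTTP/1.1" 200 4096
203.0.113.7 - - [21/Apr/2017:18:00:04 +0200] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [21/Apr/2017:18:00:05 +0200] "POST /admin/login HTTP/1.1" 401 512
198.51.100.4 - - [21/Apr/2017:18:00:06 +0200] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [21/Apr/2017:18:00:06 +0200] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [21/Apr/2017:18:00:09 +0200] "POST /admin/login HTTP/1.1" 302 0
"""


def parse_line(line):
    """Parse one CLF line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def is_admin_login(entry):
    return entry["method"] == "POST" and entry["path"].startswith(ADMIN_PATHS)


def detect_bruteforce(lines, window=timedelta(seconds=60), threshold=5):
    """Return {ip: {"failures": n, "success_after_failures": bool}} for every
    source IP with at least `threshold` failed admin logins inside `window`.
    A success (200/302) arriving while the IP is still over the threshold is
    recorded separately: that is the case that needs an immediate response."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    findings = {}
    for line in lines:
        e = parse_line(line)
        if e is None or not is_admin_login(e):
            continue
        q = recent[e["ip"]]
        while q and e["ts"] - q[0] > window:  # expire old failures
            q.popleft()
        if e["status"] in (401, 403):
            q.append(e["ts"])
            if len(q) >= threshold:
                f = findings.setdefault(
                    e["ip"], {"failures": 0, "success_after_failures": False})
                f["failures"] = max(f["failures"], len(q))
        elif e["status"] in (200, 302) and len(q) >= threshold:
            findings[e["ip"]]["success_after_failures"] = True
    return findings


if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, f)
```

The 401/403 and 200/302 status codes are what typical applications return for a rejected and an accepted login; check what the panel you monitor actually emits, since some applications answer a failed login with 200 and an error message in the body.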

Remediation

Do not place the administration interface at an obvious path or location; these are what automated attacks probe first. We have received several thousand requests for /admin on our own site, where no such path even exists, which shows that this is a very real concern. Note that an unusual path only reduces the noise from automated scanners; it is not an access control on its own.

If possible, restrict the IP addresses that are allowed to reach the administration panel. This makes the login less convenient for administrators who move between networks, but more secure, so whether to implement it depends on the situation. You still need to authenticate by username and password: IP restriction alone is not enough.

Where the panel remains publicly reachable, also add two-factor authentication (2FA) and a limit on failed login attempts (lockout or rate limiting) to reduce the risk of the exposure.
