Remote Administration Portal

A remote administration interface (a login page intended for users with administration privileges) has been found. This is not a vulnerability in itself, but it is unnecessary exposure that could facilitate an attack.

What can happen?

When such an interface is exposed to anyone on the internet, it invites attacks against the system: testing common passwords, trying injection-related payloads against the login fields, and so on.

In the worst-case scenario the attacker actually succeeds in bypassing the login, but even if that does not happen, the sheer volume of login attempts can become a performance issue. If the attacker does manage to log in, they can do everything a real administrator can, which would be a serious security issue.

Remediation

Avoid obvious paths/locations for the administration interface to reduce automated attacks. We have received several thousand requests for /admin on our own site, a path we do not even use, which goes to show that this is a very real concern.

If possible, limit the IP addresses that are allowed to reach the administration panel. This makes the login less mobile but more secure; whether to implement it depends on the situation. Note that you still need to restrict access by username/password: IP restriction alone is not enough.

If the panel must remain publicly exposed, it is also recommended to add 2FA and a limit on failed login attempts to minimise the danger.
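The remediation steps above (IP restriction combined with a username/password check and a cap on failed logins), as an added example that is not part of the original advisory: a small Python login gate for an administration panel. The allowed network range, the user store, the salt and the lockout thresholds are constructed for the example; 2FA is not shown.

```python
import hashlib
import hmac
import ipaddress
from collections import defaultdict

# Constructed policy for the example: one allowlisted office range (an RFC 5737
# documentation prefix) and a lockout after 5 failures within 15 minutes.
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
MAX_FAILURES = 5
LOCKOUT_SECONDS = 15 * 60


def _digest(salt: bytes, password: str) -> bytes:
    """Salted PBKDF2-SHA256 of the password (a slow hash, so guesses are costly)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed credential store: username -> password digest.
_SALT = b"example-salt-not-for-production"
USERS = {"admin": _digest(_SALT, "correct horse battery staple")}


class AdminLoginGate:
    """Applies the IP allowlist, the lockout window and the password check, in that order."""

    def __init__(self):
        # (client ip, username) -> timestamps of failures inside the lockout window
        self.failures = defaultdict(list)

    def ip_allowed(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in ALLOWED_NETWORKS)

    def _recent_failures(self, key, now: float) -> int:
        # Drop failures older than the window before counting.
        self.failures[key] = [t for t in self.failures[key] if now - t < LOCKOUT_SECONDS]
        return len(self.failures[key])

    def attempt(self, ip: str, username: str, password: str, now: float) -> str:
        if not self.ip_allowed(ip):
            return "denied_ip"                      # never reaches the password check
        key = (ip, username)
        if self._recent_failures(key, now) >= MAX_FAILURES:
            return "locked_out"                     # too many recent failures
        stored = USERS.get(username)
        candidate = _digest(_SALT, password)        # computed even for unknown users
        if stored is not None and hmac.compare_digest(stored, candidate):
            self.failures.pop(key, None)            # success clears the counter
            return "success"
        self.failures[key].append(now)
        return "bad_credentials"
```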