VYPR
Unrated severity · NVD Advisory · Published Apr 24, 2023 · Updated Feb 4, 2025

CVE-2023-30458

Description

A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username because the response time differs from that for invalid usernames: when a valid username is entered, the response time increases with the length of the supplied password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Medicine Tracker System 1.0 login response timing discrepancy allows remote attacker to enumerate valid usernames.

Vulnerability

The login functionality in Medicine Tracker System v1.0 [1] exhibits an observable timing discrepancy. When a valid username is submitted via the POST /php-mts/app/login.php endpoint, the response time increases with the length of the supplied password, whereas invalid usernames produce a consistent, shorter response time [2]. This behavior allows an attacker to differentiate valid from invalid usernames.

Exploitation

An attacker with network access to the application can exploit this issue without prior authentication [2]. The attack involves sending login requests to the vulnerable endpoint while measuring response times. Using a tool like Burp Suite Intruder, the attacker can submit a list of potential usernames and analyze the Response received and Response completed columns. A valid username will show a significantly longer response time compared to invalid ones [2].

Impact

Successful exploitation reveals which usernames are registered in the system [2]. This information disclosure can be leveraged for further attacks, such as targeted password guessing or credential stuffing, potentially leading to unauthorized account access [2].

Mitigation

As of the publication date, no official patch or fix has been released for Medicine Tracker System [1][2]. The vendor website does not indicate an update addressing this issue. Until a fix is available, administrators should consider implementing server-side response time normalization to eliminate timing differences, or restrict access to the login page to trusted networks [2].
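As an added illustration of the server-side response-time normalization the mitigation describes (example code, not the project's own; the user table, credentials and PBKDF2 parameters are constructed here), the leaky login pattern is shown beside a hardened version that performs the same password-hashing work whether or not the username exists:

```python
import hashlib
import hmac
import os

# Constructed stand-in for the application's user table: {username: (salt, hash)}.
# Names and credentials are made up for this example.
ITERATIONS = 50_000
_hash_calls = 0  # instrumentation so the two login paths can be compared


def make_hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 derivation: the expensive step whose presence or
    absence produces the timing signal described in the advisory."""
    global _hash_calls
    _hash_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


_ALICE_SALT = os.urandom(16)
USERS = {"alice": (_ALICE_SALT, make_hash("correct horse battery", _ALICE_SALT))}

# Dummy credential (random salt, hash of a random secret nobody knows) used for
# unknown usernames so that every attempt performs exactly one derivation.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = make_hash(os.urandom(32).hex(), _DUMMY_SALT)


def login_vulnerable(username: str, password: str) -> bool:
    """Pattern that leaks username validity: unknown users return before any
    hashing, so their responses are uniformly faster (a reconstruction of the
    bug class, not the project's code)."""
    if username not in USERS:
        return False
    salt, stored = USERS[username]
    return make_hash(password, salt) == stored


def login_hardened(username: str, password: str) -> bool:
    """Same work on every path: one derivation against either the real or the
    dummy credential, then a constant-time comparison."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = make_hash(password, salt)
    match = hmac.compare_digest(candidate, stored)
    return match and username in USERS


def hash_calls_during(fn, username: str, password: str) -> int:
    """Return how many derivations fn performed for this single attempt."""
    global _hash_calls
    before = _hash_calls
    fn(username, password)
    return _hash_calls - before
```

The counter makes the difference visible without timing noise: the vulnerable path does zero derivations for an unknown username and one for a known one, while the hardened path does exactly one in both cases.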

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
