Brute Force of fabric-ca server admin account

Disclosed: 2022-08-06 17:36:44 By xiaoc To hyperledger
Severity: High
Vulnerability Details
## fabric-ca server

- Default configuration: maxenrollments value -1 (enables outside enrollment)
- Listening on 0.0.0.0:7054 (easily discovered and can be reached)
- No limit on wrong password tries

The above conditions result in brute force against the CA server admin account.

## Impact

An attacker gains a high-level permissioned account on the permissioned network and can add/delete/update/query.
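As an added example (not part of the report or of fabric-ca itself), detection logic for the third condition above, unlimited wrong-password attempts: it reads constructed server log lines, flags sources that accumulate failed /enroll requests inside a short window, and notes whether a successful enrollment followed the failures. The log line layout is an assumption; only the /api/v1/enroll path is fabric-ca's own.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; the layout (timestamp, level, client addr, method,
# path, HTTP status) is an assumption, so adapt LINE_RE to your server's logs.
SAMPLE_LOG = """\
2022/08/06 17:36:40 [INFO] 10.0.0.5:51230 POST /api/v1/enroll 401 "Authentication failure"
2022/08/06 17:36:41 [INFO] 10.0.0.5:51231 POST /api/v1/enroll 401 "Authentication failure"
2022/08/06 17:36:41 [INFO] 10.0.0.5:51232 POST /api/v1/enroll 401 "Authentication failure"
2022/08/06 17:36:42 [INFO] 10.0.0.5:51233 POST /api/v1/enroll 401 "Authentication failure"
2022/08/06 17:36:43 [INFO] 10.0.0.5:51234 POST /api/v1/enroll 401 "Authentication failure"
2022/08/06 17:36:44 [INFO] 10.0.0.5:51235 POST /api/v1/enroll 201 "OK"
2022/08/06 17:37:10 [INFO] 10.0.0.9:40001 POST /api/v1/enroll 401 "Authentication failure"
"""
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[\w+\] "
    r"(?P<ip>[\d.]+):\d+ (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})")

def parse_line(line):
    """Return {ts, ip, path, status} for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "ip": m["ip"], "path": m["path"], "status": int(m["status"])}

def detect_enroll_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Map source IP -> (max 401s on /enroll within `window`, success_after), where
    success_after is True if a 2xx enrollment from the same source follows the last failure."""
    failures, successes = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or not ev["path"].endswith("/enroll"):
            continue
        if ev["status"] == 401:
            failures[ev["ip"]].append(ev["ts"])
        elif 200 <= ev["status"] < 300:
            successes[ev["ip"]].append(ev["ts"])
    alerts = {}
    for ip, times in failures.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):  # sliding window over failure timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[ip] = (best, any(s >= times[-1] for s in successes[ip]))
    return alerts
```

A source that trips the threshold and then enrolls successfully is the case to treat as a likely compromised admin credential; the same logic can be fed from a reverse proxy's access log if that is where rate limiting is enforced.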
Report Stats
  • Report ID: 411364
  • State: Closed
  • Substate: resolved
  • Upvotes: 60