Vendor of the product(s): Deciso B.V.
Product Name: OPNSense
Version: OPNSense 23.1
Affected component: OPNSense login page
Attack vector: Custom list of usernames and passwords
Suggested description of the vulnerability for use in the CVE: The OPNSense firewall login page does not impose rate limits, making it susceptible to brute-force attacks against the login page. Attackers can exploit this vulnerability to systematically attempt various username and password combinations until successful authentication is achieved.
STEPS
1. Log in to the application by visiting the following URL: http://10.118.20.160/
2. Capture the request in Burp Suite containing the login credentials.
3. Send the captured request to the intruder and initiate a brute force attack on the Password parameter.
4. Configure the payload size to be 100+ and commence the attack.
5. Successfully identify the correct password - admin@123.
6. Gain successful access to the application.
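As an added example (not part of this report or of OPNsense itself), the control whose absence is described above: a per-source, per-account sliding-window limiter consulted before the password is checked, so that after a handful of failures further guesses are refused, including the correct one, until the window expires. The class and function names, the thresholds and the wordlist are assumed.

```python
import time
from collections import defaultdict, deque

# Illustrative limiter (hypothetical names, not OPNsense code): tracks recent
# failed logins per (source IP, username) and blocks once a threshold is hit.
class LoginRateLimiter:
    def __init__(self, max_failures=5, window_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock
        self._failures = defaultdict(deque)  # key -> timestamps of failures

    def _prune(self, key, now):
        # Drop failures older than the window; return the live queue.
        q = self._failures[key]
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def is_blocked(self, key, now=None):
        now = self.clock() if now is None else now
        return len(self._prune(key, now)) >= self.max_failures

    def record_failure(self, key, now=None):
        now = self.clock() if now is None else now
        self._prune(key, now).append(now)

    def record_success(self, key):
        self._failures.pop(key, None)

def attempt_login(limiter, source_ip, username, password, check_password, now):
    """Returns 'blocked', 'ok' or 'denied'. Keying on IP + username means one
    client cannot spray a single account without tripping the limit."""
    key = (source_ip, username)
    if limiter.is_blocked(key, now):
        return "blocked"  # refuse before the password is even evaluated
    if check_password(username, password):
        limiter.record_success(key)
        return "ok"
    limiter.record_failure(key, now)
    return "denied"

def simulate_bruteforce(candidates, correct="s3cret-placeholder"):
    """Constructed wordlist replayed one guess per second against the limiter;
    returns the outcome of every attempt in order."""
    limiter = LoginRateLimiter(max_failures=5, window_seconds=300)
    results = []
    for i, guess in enumerate(candidates):
        results.append(attempt_login(limiter, "192.0.2.10", "root", guess,
                                     lambda u, p: p == correct, now=float(i)))
    return results
```

With the correct value at position seven of the list, the limiter blocks it because five failures already sit inside the window; the same guess succeeds once the window has elapsed.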