CVE-2021-27188 PoC — Sovremennye Delovye Tekhnologii FX Aggregator 安全漏洞

Source

https://github.com/jet-pentest/CVE-2021-27188

Associated Vulnerability

Title:Sovremennye Delovye Tekhnologii FX Aggregator 安全漏洞 (CVE-2021-27188)
Description:Sovremennye Delovye Tekhnologii FX Aggregator 存在安全漏洞，该漏洞源于攻击者可利用该漏洞通过对受害者的账户进行5次无效登录尝试来导致拒绝服务。

Readme

# CVE-2021-27188

## [Suggested description]
The FX Aggregator terminal client by "Sovremennye Delovye Tekhnologii" allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account.

## [VulnerabilityType Other]
DoS

## [Vendor of Product]
OOO Sovremennye Delovye Tekhnologii

## [Affected Product Code Base]
Fx-agreggator terminal client - 1

## [Affected Component]
affected executable

## [Attack Type]
Remote

## [Impact Denial of Service]
true

## [Attack Vectors]
To exploit vulnerability someone should try to login as other user with invalid credentials for 5 times. Valid user will be blocked for 5 hours.

## [Has vendor confirmed or acknowledged the vulnerability?] 
true

## [Discoverer]
Maria Kononova, Dmitry Kuramin (Jet Infosystems, jet.su)

## [Reference]
https://sdt-fx.ru/

File Snapshot


 [4.0K]  /data/pocs/fdd80734f90f22eac66149750cc9aefa3b582ccc
└── [ 867]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!