An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function.
If the password change request is intercepted and a sufficiently long(1MB) string is supplied as the password to use, system resources will be overwhelmed by the attempt to hash the password and cause a DoS.
- Generate a 1MB long string.
- Intercept request using Burpsuite or similar, send it to Intruder and set the new and confirmation passwords as payload positions.
- Load the file generated in step 1 as a payload.
- Once the attack is started, resource usage should skyrocket and the Silverpeas application will become unresponsive.
