CVE-2017-18486

Published: 9 Aug 2019
Source: nvd
CVSS3: 7.2
CVSS2: 6.5
EPSS: Low

Description

Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.

Vulnerable configurations

Configuration 1
cpe:2.3:a:jitbit:helpdesk:*:*:*:*:*:*:*:*
Versions before 9.0.3 (excluding 9.0.3)

EPSS

Score: 0.01586 (percentile: 81%, Low)

CVSS3: 7.2 (High)

CVSS2: 6.5 (Medium)

Weaknesses

CWE-332

Related vulnerabilities

CVSS3: 7.2
Source: github
Published more than 3 years ago
