一、 漏洞 CVE-2024-10924 基础信息
漏洞信息
# Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - 认证绕过漏洞
## 漏洞概述
Really Simple Security (Free, Pro, and Pro Multisite) 插件在版本 9.0.0 到 9.1.1.1 中存在认证绕过漏洞。该漏洞是由两因素 REST API 操作中 `'check_login_and_get_user'` 函数的错误处理不当导致的。这使得未认证的攻击者有可能登录为站点上的任何现有用户(如管理员)。
## 影响版本
- 9.0.0 到 9.1.1.1
## 漏洞细节
- 特定位置:两因素 REST API 操作
- 涉及函数:`'check_login_and_get_user'`
- 问题原因:错误处理不当
## 影响
- 允许未认证的攻击者登录为任一现存用户,尤其是在启用了“两因素认证”设置的情况下(默认状态下该设置被禁用)。
神龙判断
是否为 Web 类漏洞: 是
判断理由:
是。这个漏洞存在于WordPress的Really Simple Security插件中,影响了其9.0.0到9.1.1.1版本。由于在两步验证REST API动作中‘check_login_and_get_user’函数的用户检查错误处理不当,导致未认证的攻击者可以在两步验证设置被启用的情况下,作为任何现有用户(包括管理员)登录网站。这是一个典型的服务端漏洞,因为它涉及到服务器端的安全验证机制被绕过。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass
来源:美国国家漏洞数据库 NVD
漏洞描述信息
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
使用候选路径或通道进行的认证绕过
来源:美国国家漏洞数据库 NVD
漏洞标题
WordPress plugin Really Simple Security 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Really Simple Security 9.0.0版本到9.1.1.1版本存在安全漏洞,该漏洞源于包含一个身份验证绕过漏洞。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-10924 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypass | https://github.com/RandomRobbieBF/CVE-2024-10924 | POC详情 |
| 2 | CVE-2024-10924 Authentication Bypass Using an Alternate Path or Channel (CWE-288) | https://github.com/FoKiiin/CVE-2024-10924 | POC详情 |
| 3 | WARNING: This is a vulnerable application to test the exploit for the Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924). Run it at your own risk! | https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-vulnerable-application | POC详情 |
| 4 | Simple Python script | https://github.com/MattJButler/CVE-2024-10924 | POC详情 |
| 5 | Exploits Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924). | https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-exploit | POC详情 |
| 6 | None | https://github.com/julesbsz/CVE-2024-10924 | POC详情 |
| 7 | Exploit for CVE-2024-10924 -> Really Simple Security < 9.1.2 authentication bypass | https://github.com/dua1337/Exploit-for-CVE-2024-10924 | POC详情 |
| 8 | Bypass del MFA en WordPress con el plugin Really Simple Security instalado entre las versiones 9.0.0 – 9.1.1.1. | https://github.com/Maalfer/CVE-2024-10924-PoC | POC详情 |
| 9 | None | https://github.com/D1se0/CVE-2024-10924-Bypass-MFA-Wordpress-LAB | POC详情 |
| 10 | None | https://github.com/Hunt3r850/CVE-2024-10924-PoC | POC详情 |
| 11 | None | https://github.com/Hunt3r850/CVE-2024-10924-Wordpress-Docker | POC详情 |
| 12 | Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass | https://github.com/Nxploited/CVE-2024-10924-Exploit | POC详情 |
| 13 | None | https://github.com/cy3erdr4g0n/CVE-2024-10924 | POC详情 |
| 14 | A Proof-of-Concept (PoC) exploit for CVE-2024-10924, a vulnerability in the Really Simple SSL WordPress plugin that allows bypassing two-factor authentication (2FA). Includes mitigation techniques to secure affected WordPress sites. | https://github.com/h8sU/wordpress-cve-2024-10924-exploit | POC详情 |
| 15 | None | https://github.com/sariamubeen/CVE-2024-10924 | POC详情 |
| 16 | WordPress CVE-2024-10924 Exploit for Really Simple Security plugin | https://github.com/MaleeshaUdan/wordpress-CVE-2024-10924--exploit | POC详情 |
| 17 | CVE-2024-10924 - Authentication Bypass in ReallySimpleSSL Wordpress Plugin | https://github.com/sharafu-sblsec/CVE-2024-10924 | POC详情 |
| 18 | None | https://github.com/OliveiraaX/-CVE-2024-10924 | POC详情 |
| 19 | The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default). | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-10924.yaml | POC详情 |
| 20 | None | https://github.com/ademto/wordpress-cve-2024-10924-pentest | POC详情 |
| 21 | None | https://github.com/bodoinon/CVE-2024-10924 | POC详情 |
三、漏洞 CVE-2024-10924 的情报信息
标题: class-rsssl-two-factor-on-board-api.php in really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa – WordPress Plugin Repository -- 🔗来源链接
标签:
标题: class-rsssl-two-factor-on-board-api.php in really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa – WordPress Plugin Repository -- 🔗来源链接
标签:
标题: Changeset 3188431 for really-simple-ssl – WordPress Plugin Repository -- 🔗来源链接
标签:
神龙速读:从这个网页截图中,我们可以获取到以下关于漏洞的关键信息: 1. **插件名称**:`really-simple-ssl` 2. **版本号**:`9.1.2` 3. **漏洞类型**:`security: authentication bypass` 4. **漏洞描述**:`* security: authentication bypass` 5. **受影响的文件**: - `trunk/readme.txt` - `trunk/rlrssl-really-simple-ssl.php` - `trunk/security/wordpress/two-fa/class-rsssl-request-parameters.php` - `trunk/security/wordpress/two-fa/class-rsssl-two-factor-on-board-api.php` - `trunk/security/wordpress/two-fa/class-rsssl-two-factor.php` 这些信息表明,`really-simple-ssl`插件的`9.1.2`版本存在一个安全漏洞,导致身份验证绕过。受影响的文件包括插件的读取说明文件和与安全相关的类文件。
标题: Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass -- 🔗来源链接
标签:
神龙速读:从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. **漏洞名称**:Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass 2. **漏洞描述**:由于在两步验证REST API中的'check_login_and_get_user'函数的错误处理不当,未授权的攻击者可以在启用两步验证的情况下以任何现有用户的身份登录,包括管理员。 3. **CVSS评分**:9.8 (Critical) 4. **公开发布日期**:2024年11月14日 5. **更新日期**:2024年11月15日 6. **研究者**:István Márton - Wordfence 7. **受影响的软件包**: - Really Simple Security - Simple and Performant Security (formerly Really Simple SSL) - Really Simple Security Pro - Really Simple Security Pro multisite 8. **修复状态**: - Really Simple Security - Simple and Performant Security (formerly Really Simple SSL):已修复 - Really Simple Security Pro:已修复 - Really Simple Security Pro multisite:已修复 9. **受影响的版本范围**: - Really Simple Security - Simple and Performant Security (formerly Really Simple SSL):9.0.0 - 9.1.1.1 - Really Simple Security Pro:9.0.0 - 9.1.1.1 - Really Simple Security Pro multisite:9.0.0 - 9.1.1.1 10. **修复版本**: - Really Simple Security - Simple and Performant Security (formerly Really Simple SSL):9.1.2 - Really Simple Security Pro:9.1.2 - Really Simple Security Pro multisite:9.1.2 这些信息可以帮助用户了解漏洞的严重性、受影响的范围以及如何修复。
标题: 4,000,000 WordPress Sites Using Really Simple Security Free and Pro Versions Affected by Critical Authentication Bypass Vulnerability -- 🔗来源链接
标签:
标题: class-rsssl-two-factor-on-board-api.php in really-simple-ssl/tags/9.1.1.1/security/wordpress/two-fa – WordPress Plugin Repository -- 🔗来源链接
标签:
- https://nvd.nist.gov/vuln/detail/CVE-2024-10924
四、漏洞 CVE-2024-10924 的评论
暂无评论