CVE-2023-52268 PoC — FreeScout Security Vulnerability

Source
Associated Vulnerability
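Title: FreeScout Security Vulnerability (CVE-2023-52268)
Description: FreeScout is a super-lightweight and powerful free, open-source help desk and shared inbox from FreeScout, built with PHP (Laravel framework). Versions of FreeScout before 1.0.65 contain a security vulnerability. An attacker can exploit it to authenticate as an arbitrary user.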
Description
Authentication Bypass for FreeScout End-User Portal
Readme
# FreeScout End-User Portal Authentication Bypass Exploit (CVE-2023-52268)

## Overview

This exploit targets a vulnerability in the **FreeScout End-User Portal Module** (versions below 1.0.65) that allows an attacker to bypass authentication through improper session token management. By generating and testing session tokens, the attacker can gain unauthorized access to the ticketing system, impersonating users and accessing their support tickets. Crucially, the generated session tokens are mapped to other users than the one requesting the magic link authentication, allowing attackers to impersonate arbitrary users. If an administrative account session is compromised, the attacker gains full access to all support tickets on the platform.

### Why tho

The exploit takes advantage of weak session token management in the FreeScout End-User Portal's magic link authentication mechanism. Session tokens are **incorrectly mapped to other users** than the one initiating the request, meaning an attacker can generate session tokens that belong to different users on the platform. This flaw allows attackers to impersonate users and access their support tickets without needing to know their credentials.
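
A magic-link flow hardened against the mapping flaw described above, as an added example (it is not FreeScout's code and not part of this repository): the token is random, stored only as a hash, bound to the requesting address at issue time, single use, and repeated guessing is throttled. `MagicLinkStore`, `TOKEN_TTL`, `MAX_FAILURES` and the in-memory table are hypothetical names chosen for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 900     # seconds a link stays valid (assumed value)
MAX_FAILURES = 5    # bad redemptions allowed per client (assumed value)


class MagicLinkStore:
    """In-memory stand-in for a portal's login-token table (hypothetical)."""

    def __init__(self, clock=time.time):
        self._rows = {}       # sha256(token) -> (email, expires_at)
        self._failures = {}   # client id -> count of failed redemptions
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table yields no usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, requester_email):
        # 256 bits from the CSPRNG; not derived from ids, time or counters.
        token = secrets.token_urlsafe(32)
        # Bind the token to the address that asked for it, at issue time.
        email = requester_email.strip().lower()
        self._rows[self._digest(token)] = (email, self._clock() + TOKEN_TTL)
        return token  # delivered only by mail to requester_email

    def redeem(self, token, client):
        """Return the bound email, or None if the token must be rejected."""
        if self._failures.get(client, 0) >= MAX_FAILURES:
            return None  # throttle clients that keep testing tokens
        # pop() makes the token single use, whatever the outcome below.
        row = self._rows.pop(self._digest(token), None)
        if row is None or self._clock() > row[1]:
            self._failures[client] = self._failures.get(client, 0) + 1
            return None
        # The session identity comes from the stored row, never the request.
        return row[0]
```
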

### Impact

Support tickets often contain **sensitive information**, such as:

- User credentials for corporate systems / SaaS solutions
- Personally identifiable information (PII)
- Internal communications between users and support staff

### Responsible Disclosure

Vendor Notified: Yes <br>
Fix Available: Update FreeScout End-User Portal to the latest version.
File Snapshot

[4.0K] /data/pocs/245db9dae614a45bf54aee6946650651f091f72a
├── [2.2K] exploit.py
└── [1.5K] README.md

0 directories, 2 files