
CVE-2023-34732 PoC — Flytxt NEON-dX Security Vulnerability

Source
Associated Vulnerability
Title: Flytxt NEON-dX Security Vulnerability (CVE-2023-34732)
Description: Flytxt NEON-dX is an enterprise software product from Flytxt used to automate intelligent digital customer engagement. Flytxt NEON-dX contains a security vulnerability caused by the unvalidated userId parameter in the change password function, which may lead to brute-force attacks.
Readme
# CVE-2023-34732 Authenticated Function Abuse for Account Takeover 

# Description

An attacker can brute-force any user's password (including admins) using the userId parameter in the change password functionality and update the user's password to a new one chosen by the attacker.

# CVSS Score: 8.8 (High)

# Attack Type

* Remote (Authenticated)

# Affected Versions

* Versions up to and including v0.0.1

# Vendor of Product

* Flytxt - NEON-dX

# Affected Product Code Base

* NEON-dX - v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c

# Affected Component

* Change password function

# Mitigations

* The update-password functionality should identify the target account from the authenticated session cookie rather than from a client-supplied userId parameter.
* Apply request rate limiting.

# Vulnerability Details

* The change password functionality relies on the userId parameter rather than the currently authenticated session or token. This allows an attacker to enumerate or brute-force other users' identifiers and reset their passwords, resulting in account takeover.

# Fixed Versions

* Versions after v0.0.1

# Discoverer

* Yazan Abu-Nadi
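The following Python is an added example, not code from the PoC repository or from Flytxt, contrasting the pattern the advisory describes (the target account is taken from a client-controlled `userId` parameter, and the "wrong password" response acts as a guessing oracle) with the two mitigations it lists (bind the operation to the authenticated session and rate limit attempts). The names `Request`, `USERS`, `RateLimiter`, `change_password_vulnerable` and `change_password_hardened` are hypothetical, and the user store and request objects are constructed in memory.

```python
"""Vulnerable vs. hardened change-password handler (illustrative, hypothetical names)."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, List, Optional


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """PBKDF2-HMAC-SHA256; the 16-byte salt is stored in front of the digest."""
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)


# Constructed user store: userId -> salted password hash (sample data only).
USERS: Dict[str, bytes] = {
    "1001": hash_password("alice-secret"),
    "1": hash_password("admin-secret"),
}


@dataclass
class Request:
    session_user_id: str   # identity asserted by the server-side session cookie
    params: dict           # body/query parameters, fully under client control


# --- Vulnerable pattern: the behaviour the advisory describes ----------------
def change_password_vulnerable(req: Request) -> str:
    """The target account comes from the client-supplied userId, so any
    authenticated user can aim the request at another account and use the
    'wrong password' response to test guesses against it."""
    user_id = req.params["userId"]
    if user_id not in USERS:
        return "unknown user"
    if not verify_password(req.params["currentPassword"], USERS[user_id]):
        return "wrong password"
    USERS[user_id] = hash_password(req.params["newPassword"])
    return "password changed"


# --- Hardened pattern: session-bound target plus rate limiting --------------
class RateLimiter:
    """Sliding-window counter: at most `limit` attempts per `window` seconds per key."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit, self.window = limit, window
        self._hits: Dict[str, List[float]] = {}

    def allow(self, key: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        hits = [t for t in self._hits.get(key, []) if now - t < self.window]
        if len(hits) >= self.limit:
            self._hits[key] = hits
            return False
        hits.append(now)
        self._hits[key] = hits
        return True


LIMITER = RateLimiter(limit=5, window=300)


def change_password_hardened(req: Request, now: Optional[float] = None) -> str:
    """The target account is always the session's own user; any userId in the
    request body is ignored. The current password is re-verified and attempts
    are counted per account, so every guess costs the caller budget."""
    user_id = req.session_user_id
    if not LIMITER.allow(f"pwchange:{user_id}", now):
        return "rate limited"
    if not verify_password(req.params["currentPassword"], USERS[user_id]):
        return "wrong password"
    USERS[user_id] = hash_password(req.params["newPassword"])
    return "password changed"
```

Detection-wise, the hardened handler also gives you something to alert on: a burst of `rate limited` or `wrong password` outcomes for one session is a clear signal, whereas the vulnerable handler spreads the same guessing across many `userId` values for a single session, which is exactly the pattern worth looking for in existing logs of unpatched deployments.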
File Snapshot

[4.0K] /data/pocs/919e1ea8ebdc816eff6ebff575701fc4496d9637
└── [1.5K] README.md

0 directories, 1 file