Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug ] Authentication Bypass Vulnerability #418

Closed
us3r opened this issue Jun 21, 2022 · 1 comment
Closed

[Bug ] Authentication Bypass Vulnerability #418

us3r opened this issue Jun 21, 2022 · 1 comment
Milestone
3.1.5

Comments

@us3r
Copy link

us3r commented Jun 21, 2022
edited
Loading

Request Type

Bug

Work Environment

Question Answer
OS version (server) any
OS version (client) any
Cortex version / git hash 3.1.1-1 +
Package Type any
Browser type & version any

Problem Description

It has been observed that Cortex Version: 3.1.1-1 application is vulnerable to Authentication Bypass. An attacker with an account in the application is able to log into the account of any other application user (including the administrator) which in consequence may lead to a compromise of the application and each of its users.

Steps to Reproduce

  1. Prepare a POST request to /api/login with EMPTY password of existing user
  2. send the request

image

Possible Solutions

It is the same issue as on thehive 2391

Complementary information

tested on cortex integrated with AD
@To-om To-om added this to the 3.1.5 milestone Jun 22, 2022
@To-om To-om closed this as completed Jun 22, 2022
@To-om
Copy link
Contributor

To-om commented Jun 22, 2022

Fixed in 3.1.5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.1.5
Development

No branches or pull requests
2 participants
@us3r @To-om