
CVE-2021-25956

Date: August 17, 2021

Overview

In the “Dolibarr” application, versions v3.3.beta1_20121221 to v13.0.2 give admin-level users “Modify” access to change other users’ details, but fail to validate that the new “Login” name is not already in use when a user’s login is renamed. This leads to a complete account takeover of the victim user, because the victim user who already holds that login name gets their password overwritten.

Details

The “Dolibarr” application gives admin-level users “Modify” access to change other users’ details, but fails to validate that the login name already exists when a user’s login is renamed. This leads to a complete account takeover of the victim user, because the victim user who already holds that login name gets their password overwritten.
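The failure described in the Overview and Details above is a missing uniqueness check on a user-rename path. The following PHP script is an added example, not Dolibarr’s code: it shows a rename routine with that defect beside a hardened one that refuses a login already held by another account, and a login lookup that makes the impact of duplicate logins visible. The `user` table, its columns, the function names and the sample accounts are all hypothetical and constructed for the example; an in-memory SQLite database keeps it self-contained.

```php
<?php
declare(strict_types=1);
// Added example, not Dolibarr's code. Schema, column and function names are
// hypothetical; an in-memory SQLite database makes the script self-contained.

function setupDb(bool $enforceUnique): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed schema. Without a UNIQUE constraint nothing below the
    // application layer stops two accounts from sharing one login.
    $unique = $enforceUnique ? 'UNIQUE' : '';
    $db->exec("CREATE TABLE user (
        rowid     INTEGER PRIMARY KEY,
        login     TEXT NOT NULL $unique,
        pass_hash TEXT NOT NULL
    )");
    $ins = $db->prepare('INSERT INTO user (login, pass_hash) VALUES (?, ?)');
    // Constructed accounts mirroring the advisory's three users.
    foreach (['admin' => 'admin-pw', 'ron' => 'ron-pw', 'test' => 'test-pw'] as $login => $pw) {
        $ins->execute([$login, password_hash($pw, PASSWORD_DEFAULT)]);
    }
    return $db;
}

// Defective pattern: the rename is keyed only by the row id and never asks
// whether the new login is already taken by a different account.
function renameUserUnchecked(PDO $db, int $rowid, string $newLogin): void
{
    $st = $db->prepare('UPDATE user SET login = ? WHERE rowid = ?');
    $st->execute([$newLogin, $rowid]);
}

// Hardened pattern: refuse a login held by any other account, using the same
// normalisation (trim + case fold) as the login lookup, inside a transaction
// so a concurrent rename cannot slip between the check and the update.
function renameUserChecked(PDO $db, int $rowid, string $newLogin): bool
{
    $newLogin = trim($newLogin);
    if ($newLogin === '') {
        return false;
    }
    $db->beginTransaction();
    try {
        $st = $db->prepare(
            'SELECT rowid FROM user WHERE lower(login) = lower(?) AND rowid <> ?'
        );
        $st->execute([$newLogin, $rowid]);
        if ($st->fetchColumn() !== false) {
            $db->rollBack();
            return false; // login already in use: rename refused
        }
        $st = $db->prepare('UPDATE user SET login = ? WHERE rowid = ?');
        $st->execute([$newLogin, $rowid]);
        $db->commit();
        return true;
    } catch (PDOException $e) {
        $db->rollBack();
        throw $e;
    }
}

// Login lookup: returns the rowid of an account whose stored hash matches the
// supplied password, or null. If two rows share a login, either row's
// password is accepted for that login, which is the takeover the advisory describes.
function authenticate(PDO $db, string $login, string $password): ?int
{
    $st = $db->prepare('SELECT rowid, pass_hash FROM user WHERE lower(login) = lower(?)');
    $st->execute([trim($login)]);
    while ($row = $st->fetch(PDO::FETCH_ASSOC)) {
        if (password_verify($password, $row['pass_hash'])) {
            return (int) $row['rowid'];
        }
    }
    return null;
}

// Weak schema plus unchecked rename: renaming "test" (rowid 3) to "ron" leaves
// two rows with login "ron", so the "test" password now authenticates as "ron".
$db = setupDb(false);
renameUserUnchecked($db, 3, 'ron');
var_dump(authenticate($db, 'ron', 'test-pw'));

// Constrained schema plus checked rename: the collision is refused and only
// ron's own password authenticates as "ron".
$db = setupDb(true);
var_dump(renameUserChecked($db, 3, 'ron'));
var_dump(authenticate($db, 'ron', 'test-pw'));
var_dump(authenticate($db, 'ron', 'ron-pw'));
```

Run with `php` from the command line. The first lookup returns the rowid of the renamed account, showing that the renamed user’s password now works for the victim’s login; the checked rename returns false, the same lookup then returns null, and only the original password for “ron” succeeds. Two points carry over to real code: the application-level check must use at least the same normalisation as the login lookup (otherwise “Ron” and “ron” collide at login time but pass the check), and a UNIQUE constraint on the login column is the backstop for any code path that forgets the check.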

PoC Details

For demonstration purposes we will use three users: “admin” (administrator), “test” (low-privileged user) and “ron” (low-privileged user). Log in as admin. Then go to User and Groups > List of Users. Open the existing user “ron” > Modify > Save. After that, go back to the list, open “test” > Modify, and change the Login field from “test” to “ron”.

Affected Environments

v3.3.beta1_20121221 to v13.0.2

Prevention

Upgrade to version 14.0.0

Language: PHP

Good to know:

Authentication Issues (CWE-287)

Improper Access Control (CWE-284)
icon

Upgrade Version

Upgrade to version dolibarr/dolibarr - 14.0.0


Base Score (CVSS v3 metrics):
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score (CVSS v2 metrics):
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): Single
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial