WhiteSource Vulnerability Database
Date: September 29, 2021
Overview
The SuiteCRM application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20, fails to properly invalidate password reset links associated with a deleted user id, which makes it possible to take over the account of any newly created user with the same user id.
Details
SuiteCRM fails to properly invalidate password reset links associated with a deleted user id. A reset link issued for a user who is later deleted stays valid, so it can be used to reset the password of any newly created user with the same user id and take over that account.
PoC Details
For demonstration purposes we'll use two users:
1. Ron - a low-privileged user
2. Admin - an administrator user
Navigate to “Forgot password”, enter the username Ron and the email address configured for Ron's account. A password reset link is sent to that email address. Save the password reset link.
Now log in as Admin, go to “employees” and delete the user Ron.
Now go to “admin”, “User management” and create a new user with the user id Ron. Then log out, open the saved password reset link and reset the password for user Ron.
Note: For this PoC to work, the SMTP settings must be configured, since the reset link is delivered by email.
Affected Environments
v7.1.7 - v7.10.31 and v7.11-beta - v7.11.20
Prevention
Upgrade to v7.10.32, v7.11.21 or later.
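The sequence from the PoC above, replayed against a minimal in-memory reset-token store. This is an added example written for this entry, not SuiteCRM's own code: a token matched only on the reusable user name reproduces the flaw, while revoking tokens when the account is deleted, or binding each token to a per-account random id, blocks the stale link. All names, stores and functions here are constructed for the example.

```python
import hashlib
import secrets
import time

# Constructed in-memory stores standing in for the CRM database (not SuiteCRM's schema).
accounts = {}       # user name -> {"uid": unique per account instance, "password": ...}
reset_tokens = {}   # sha256(token) -> {"user_name": ..., "uid": ..., "expires": ...}

def _token_key(token: str) -> str:
    # Store only a hash of the token so a database leak does not expose live reset links.
    return hashlib.sha256(token.encode()).hexdigest()

def create_user(user_name: str, password: str) -> None:
    # A fresh random uid distinguishes this account from any earlier one with the same name.
    accounts[user_name] = {"uid": secrets.token_hex(16), "password": password}

def delete_user(user_name: str, revoke_tokens: bool) -> None:
    acct = accounts.pop(user_name)
    if revoke_tokens:  # hardened: reset links die with the account they were issued for
        for key in [k for k, r in reset_tokens.items() if r["uid"] == acct["uid"]]:
            del reset_tokens[key]

def issue_reset_token(user_name: str, ttl_seconds: int = 3600) -> str:
    acct = accounts[user_name]
    token = secrets.token_urlsafe(32)
    reset_tokens[_token_key(token)] = {"user_name": user_name, "uid": acct["uid"],
                                       "expires": time.time() + ttl_seconds}
    return token  # this is what the emailed link carries

def redeem_reset_token(token: str, new_password: str, bind_to_uid: bool) -> bool:
    rec = reset_tokens.pop(_token_key(token), None)  # single use
    if rec is None or rec["expires"] < time.time():
        return False
    acct = accounts.get(rec["user_name"])
    if acct is None:
        return False
    # Weak: matching on the reusable user name alone is the flaw the advisory describes.
    # Hardened: also require the uid captured at issue time, so a re-created account never matches.
    if bind_to_uid and acct["uid"] != rec["uid"]:
        return False
    acct["password"] = new_password
    return True

def replay_scenario(revoke_on_delete: bool, bind_to_uid: bool) -> bool:
    """Runs the advisory's sequence; True means the stale link reset the re-created account."""
    accounts.clear()
    reset_tokens.clear()
    create_user("ron", "original-pw")
    link_token = issue_reset_token("ron")               # step 1: request reset, save the link
    delete_user("ron", revoke_tokens=revoke_on_delete)  # step 2: admin deletes Ron
    create_user("ron", "new-account-pw")                # step 3: new user with the same user id
    return redeem_reset_token(link_token, "changed-pw", bind_to_uid=bind_to_uid)
```

Calling `replay_scenario(False, False)` reproduces the takeover; enabling either defence makes the saved link fail.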
Good to know:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Access Vector (AV): Network
Access Complexity (AC): Medium