icon

We found results for “

CVE-2022-22113

Date: January 13, 2022

Overview

In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.

Details

The “DayByDay” application is built on Laravel framework. It improperly terminates the session when a password has been changed. An already logged in user can still access the application even after password change. There is no session validation for an active session after the password change.

PoC Details

For demonstration purposes we will use two users:
Bob, a low privileged user.
Administrator, a highly privileged user.
Login to the application as Bob.
In another browser, login as Administrator and observe that Bob is online.
Now edit the user Bob from the “all users” page under the “users” section in the left panel.
Change the password of Bob.
Now in the first browser session, open the already logged in Bob account and press on “Create an Offer” under the Leads section, to check whether the user can still access the application after password change.
Proceed and create an offer with the necessary details needed to complete the form.
The data has been updated successfully, thus the session is still active even after the password was changed.

Affected Environments

bottelet/flarepoint - 2.2.0 through 2.2.1 (latest)

Remediation

The current session should be destroyed whenever a user requests for a password change.

Prevention

No fix was provided

Language: PHP

Good to know:

icon
icon

Insufficient Session Expiration

CWE-613
icon

Upgrade Version

No fix version available

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privilegs Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): Single
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Additional information: