Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2022-0076

Date: February 13, 2022

Overview

An insufficient session expiration vulnerability in Helpy 0.5.0 to 2.8.0 may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.

Details

Helpy does not clear the session from the server side once the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local access or by other hypothetical attacks.

PoC Details

Access the application and login into the application as an administrator. Copy the "_helpy_session" cookie details and logout from the application. Now browse the login page again and add a new cookie with the details you copied previously. Refresh the page and you will see that you are now logged in as the administrator.

Affected Environments

0.5.0 to 2.8.0

Prevention

No fix

Language: Ruby

Good to know:

icon

Insufficient Session Expiration

CWE-613
icon

Upgrade Version

No fix version available

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Related Resources (2)

https://github.com/helpyio/helpy/blob/2.8.0/config/initializers/devise.rb#L14
https://www.mend.io/vulnerability-database/WS-2022-0076