Title | SOURCECODESTER Employee Task Management System 1.0 / changePasswordForEmployee.php Broken Authentication |
---|
Description | The changePasswordForEmployee.php page of the Employee Task Management System performs no authentication or authorization checks, which allows an unauthenticated remote attacker to take over any application user account, including the admin account.
Vendor Homepage:
https://www.sourcecodester.com
Software Link:
Employee Task Management System (https://www.sourcecodester.com/php/15383/employee-task-management-system-phppdo-free-source-code.html)
Version:
v 1.0
Affected Page:
changePasswordForEmployee.php
This page does not verify that the requester is logged in or is allowed to act on the targeted account. Every request to it is processed as if it came from a legitimate user, so all of its parameters can be supplied by an anonymous attacker.
Description:
The missing authentication allows an unauthenticated remote attacker to change the password of any application user.
Proof of Concept:
1- Visit the vulnerable page changePasswordForEmployee.php without logging in.
2- Enter any new password for any user_id and submit the form.
3- Intercept the request in Burp Suite.
4- Change the user_id parameter to 1 (in most such applications user_id 1 is the admin account) and forward the request.
5- The application changes that user's password, and the attacker can log in to the application as that user.
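The handler pattern this report describes, next to a hardened version with the checks the recommendation calls for, as an added illustrative example in PHP. It is not code from the Employee Task Management System: only the user_id parameter comes from the report; the field names new_password, current_password and csrf_token, the users table columns (id, password, role), the session keys and the $pdo connection are assumptions.

```php
<?php
// Added example, not code from the Employee Task Management System.
// Assumptions: $pdo is a PDO connection created by the application's own
// database include; a `users` table with columns id, password (bcrypt
// hash), role; login stores user_id, role and csrf_token in $_SESSION.
// Form field names other than user_id are assumptions.
declare(strict_types=1);

// --- Vulnerable pattern (the behaviour the report describes) -------------
// Nothing ties the request to a logged-in user, so anyone who can reach
// the page resets any account by choosing user_id (e.g. 1 for admin).
function changePasswordVulnerable(PDO $pdo, array $post): void
{
    $stmt = $pdo->prepare('UPDATE users SET password = :pw WHERE id = :id');
    $stmt->execute([
        ':pw' => password_hash((string) $post['new_password'], PASSWORD_DEFAULT),
        ':id' => (int) $post['user_id'],
    ]);
}

// --- Hardened pattern ------------------------------------------------------
// 1. Authentication: a valid login session must exist.
// 2. Authorization: a user may change only their own password; an admin may
//    change any user's. For non-admins the target id comes from the session,
//    so a tampered user_id parameter is ignored.
// 3. Re-authentication: current password required when changing your own.
// 4. CSRF token, because the request changes state.
function changePasswordHardened(PDO $pdo, array $post, array $session): void
{
    if (empty($session['user_id'])) {
        http_response_code(401);
        exit('Login required');
    }
    if (!isset($post['csrf_token'], $session['csrf_token'])
        || !hash_equals((string) $session['csrf_token'], (string) $post['csrf_token'])) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }

    $actorId  = (int) $session['user_id'];
    $isAdmin  = ($session['role'] ?? '') === 'admin';
    // Only an admin may name another account; everyone else targets themselves.
    $targetId = ($isAdmin && isset($post['user_id'])) ? (int) $post['user_id'] : $actorId;
    if (!$isAdmin && $targetId !== $actorId) {
        http_response_code(403);
        exit('Not allowed');
    }

    $newPassword = (string) ($post['new_password'] ?? '');
    if (strlen($newPassword) < 12) {
        http_response_code(400);
        exit('Password too short');
    }

    // Changing your own password requires proving you know the current one,
    // so a hijacked session alone is not enough to lock the owner out.
    if ($targetId === $actorId) {
        $stmt = $pdo->prepare('SELECT password FROM users WHERE id = :id');
        $stmt->execute([':id' => $actorId]);
        $hash = $stmt->fetchColumn();
        if ($hash === false
            || !password_verify((string) ($post['current_password'] ?? ''), (string) $hash)) {
            http_response_code(403);
            exit('Current password incorrect');
        }
    }

    $stmt = $pdo->prepare('UPDATE users SET password = :pw WHERE id = :id');
    $stmt->execute([
        ':pw' => password_hash($newPassword, PASSWORD_DEFAULT),
        ':id' => $targetId,
    ]);
}

// Entry point: the hardened handler runs only on POST, with the session loaded.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    session_start();
    changePasswordHardened($pdo, $_POST, $_SESSION);
}
```

The essential difference is where the target account comes from: the vulnerable handler trusts user_id from the request, the hardened one derives it from the authenticated session and only lets an admin override it. Replaying the report's step 4 against the hardened handler returns 401 without a session, and 403 for a logged-in non-admin who sets user_id to 1.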
Recommendation:
Anyone deploying this application should add authentication and authorization checks to changePasswordForEmployee.php: require a valid login session, allow a user to change only their own password (and an admin to change others'), and derive the target account from the session rather than from the user_id parameter, so that the request can no longer be submitted anonymously or on behalf of another user. |
---|
Source | https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Employee%20Task%20Management%20System%20-%20Broken%20Authentication.md |
---|
User | navaidansari (ID 41266) |
---|
Submission | 02/17/2023 22:56 |
---|
Moderation | 02/18/2023 08:39 (10 hours later) |
---|
Status | Accepted |
---|
VulDB Entry | 221454 |
---|