| Field | Value |
|---|---|
| Title | Kodbox 1.64 Incorrect Authorization |
| Description | kodbox's 2FA implementation contains two critical logic flaws. When 2FA is enabled (tfaOpen=1), the login flow only triggers a 2FA challenge if the client explicitly sends withTfa=0; if withTfa is omitted, the server skips 2FA entirely and issues a full access token based solely on username and password. Separately, in the 2FA verification step, setting wiotTfa=1 causes tfaVerify() to bypass OTP validation and complete the login directly. Together, these issues mean that any attacker with valid credentials can log in without supplying a second factor, even for accounts that "require" 2FA, including the administrator. To fix this, 2FA must be enforced purely server-side whenever enabled, all client-side bypass flags (withTfa, wiotTfa) must be removed or tightly controlled, and every successful login must depend on a verified 2FA code tied to a secure, short-lived, server-generated challenge. |
| Source | https://vulnplus-note.wetolink.com/share/S6CMNnndYUXU |
| User | vulnplusbot (UID 96250) |
| Submitted | 09/03/2026 04:37 AM (2 months ago) |
| Moderation | 22/03/2026 12:40 PM (13 days later) |
| Status | Approved |
| VulDB Entry | 352428 [kalcaddle kodbox 1.64 Password Login index.class.php loginAfter/tfaVerify weak authentication] |
| Points | 20 |
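The remediation the description calls for (server-side enforcement, no client-controlled bypass flags, a short-lived single-use challenge bound to the OTP check) is shown below as an added example. This is illustrative Python written for this page, not kodbox's PHP code; the class `AuthService`, its method names and the `client_params` argument are assumed names, and the request parameters `withTfa` / `wiotTfa` are only passed in to demonstrate that the server never consults them. The OTP check is a plain RFC 4226/6238 HOTP/TOTP implementation.

```python
import hashlib
import hmac
import os
import secrets
import struct
import time
from dataclasses import dataclass
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = (int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, now: float, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, int(now // step))


@dataclass
class User:
    name: str
    password_hash: bytes
    salt: bytes
    tfa_open: bool                      # server-side record of whether 2FA is enabled
    tfa_secret: Optional[bytes] = None  # shared TOTP secret when tfa_open is True


class AuthService:
    CHALLENGE_TTL = 120  # seconds a pending 2FA challenge stays valid (assumed value)

    def __init__(self) -> None:
        self.users: dict[str, User] = {}
        self.challenges: dict[str, tuple[str, float]] = {}  # challenge id -> (user, expiry)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name: str, password: str, tfa_secret: Optional[bytes] = None) -> None:
        salt = os.urandom(16)
        self.users[name] = User(name, self._hash(password, salt), salt, tfa_secret is not None, tfa_secret)

    def login(self, username: str, password: str, client_params: dict, now: Optional[float] = None) -> dict:
        """Step 1: password check. client_params (withTfa, wiotTfa, ...) is deliberately never read."""
        now = time.time() if now is None else now
        user = self.users.get(username)
        if user is None or not hmac.compare_digest(self._hash(password, user.salt), user.password_hash):
            return {"status": "error"}
        if not user.tfa_open:
            return {"status": "ok", "token": secrets.token_urlsafe(32)}
        # 2FA is enabled for this account: never issue a token here. The decision rests only on
        # the server-side user record, so omitting or setting any client flag cannot skip this branch.
        challenge = secrets.token_urlsafe(32)
        self.challenges[challenge] = (username, now + self.CHALLENGE_TTL)
        return {"status": "tfa_required", "challenge": challenge}

    def verify_tfa(self, challenge: str, otp: str, client_params: dict, now: Optional[float] = None) -> dict:
        """Step 2: the token is issued only after a valid OTP for an unexpired, single-use challenge."""
        now = time.time() if now is None else now
        entry = self.challenges.pop(challenge, None)  # pop makes every challenge single-use
        if entry is None:
            return {"status": "error", "reason": "unknown challenge"}
        username, expires_at = entry
        if now > expires_at:
            return {"status": "error", "reason": "expired"}
        user = self.users[username]
        if not hmac.compare_digest(totp(user.tfa_secret, now), otp):
            return {"status": "error", "reason": "bad otp"}
        return {"status": "ok", "token": secrets.token_urlsafe(32)}


def demo() -> dict:
    """Constructed walk-through: a 2FA-enabled account, a request with no 2FA flags at all,
    and a request carrying wiotTfa=1; both must still end at the OTP check."""
    svc = AuthService()
    secret = b"12345678901234567890"  # RFC 4226 test-vector secret, constructed sample
    svc.add_user("admin", "correct horse", tfa_secret=secret)
    now = 1_000_000.0
    no_flags = svc.login("admin", "correct horse", {}, now=now)
    with_flags = svc.login("admin", "correct horse", {"withTfa": "1", "wiotTfa": "1"}, now=now)
    finished = svc.verify_tfa(with_flags["challenge"], totp(secret, now), {"wiotTfa": "1"}, now=now)
    return {"no_flags": no_flags["status"], "with_flags": with_flags["status"], "finished": finished["status"]}
```

The design choice worth noting is that `login()` never returns a token when `tfa_open` is set, and `verify_tfa()` only ever returns one after the OTP comparison succeeds; there is no code path in which a request parameter selects between the two outcomes. Expiring and popping the challenge also prevents a stale or replayed challenge id from being reused.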