| Field | Value |
|---|---|
| Title | Dolibarr Dolibarr ERP/CRM 23.0.2 Authentication Bypass Issues |
| Description | Reported to vendor ([email protected]) on April 10, 2026. Full description below. |
| Source | ⚠️ https://gist.github.com/Shaon-Xis/d6ae069fc54f006457b68a91d5a8e158 |
| User | yan1451 (UID 94854) |
| Submitted | 10/04/2026 07:22 AM (2 months ago) |
| Moderation | 02/05/2026 06:27 PM (22 days later) |
| Status | Approved |
| VulDB Entry | 360859 [Dolibarr ERP CRM up to 23.0.2 Online Signature security.lib.php dol_verifyHash weak authentication] |
| Points | 20 |

Description:

Critical Authentication Bypass via Cryptographic Downgrade

A high-impact authentication bypass vulnerability exists in the "Online Signature" module of Dolibarr ERP/CRM (newonlinesign.php and ajax/onlineSign.php).

The vulnerability is caused by a logic flaw in the dol_verifyHash function in htdocs/core/lib/security.lib.php. The function implements a cryptographic fallback that automatically downgrades to the legacy MD5 algorithm whenever the supplied hash is 32 characters long.

In environments where the *_ONLINE_SIGNATURE_SECURITY_TOKEN setting (e.g., PROPOSAL_ONLINE_SIGNATURE_SECURITY_TOKEN) is not explicitly configured, the hashing seed remains an empty string. An unauthenticated remote attacker can therefore pre-calculate a valid MD5 hash from predictable metadata alone (document type and reference).

By supplying this forged 32-character MD5 hash as the securekey parameter, the attacker bypasses all authentication checks.

Impact:

An unauthenticated attacker can gain full access to sensitive documents, including business proposals, contracts, and intervention reports. Furthermore, the attacker can forge, submit, or decline online signatures, compromising the integrity of the ERP's legal and financial workflows.

Vulnerability Type: CWE-347 (Improper Verification of Cryptographic Signature) / CWE-327 (Use of a Broken or Risky Cryptographic Algorithm).
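The two design mistakes the description names (an algorithm selected by the length of a caller-supplied value, and a secret that is allowed to be empty) are easiest to see side by side. The following Python is an added illustration written for this entry; it is not Dolibarr's code and does not reproduce dol_verifyHash. The message layout `doc_type:doc_ref`, the `legacy_md5_token` scheme, the `verification_status` API and the `CONTRACT_...` configuration key are all assumptions made for the model; only `PROPOSAL_ONLINE_SIGNATURE_SECURITY_TOKEN` is named by the advisory.

```python
import hashlib
import hmac
from typing import Dict, List

TOKEN_SUFFIX = "_ONLINE_SIGNATURE_SECURITY_TOKEN"


def signed_message(doc_type: str, doc_ref: str) -> str:
    """Hypothetical layout of the data covered by the signature link: only the
    document type and reference, i.e. the predictable metadata named above."""
    return f"{doc_type}:{doc_ref}"


def legacy_md5_token(message: str, secret: str) -> str:
    """Model of the legacy scheme: unkeyed MD5 over secret + message.
    With an empty secret the value depends on the message alone."""
    return hashlib.md5((secret + message).encode("utf-8")).hexdigest()


def verify_downgradeable(message: str, secret: str, supplied: str) -> bool:
    """Flawed pattern modelled on the advisory: the length of the
    caller-supplied token selects the algorithm, and an empty secret is
    accepted silently. Any 32-character value is routed to MD5."""
    if len(supplied) == 32:
        expected = legacy_md5_token(message, secret)
    else:
        expected = hashlib.sha256((secret + message).encode("utf-8")).hexdigest()
    return expected == supplied  # plain ==, also not constant-time


def make_hardened_token(message: str, secret: str) -> str:
    """Keyed token (HMAC-SHA256) that refuses to operate without a secret."""
    if not secret:
        raise RuntimeError("signature secret is not configured")
    return hmac.new(secret.encode("utf-8"), message.encode("utf-8"), hashlib.sha256).hexdigest()


def verification_status(message: str, secret: str, supplied: str) -> str:
    """Hardened verifier returning 'UNCONFIGURED', 'VALID' or 'INVALID'.
    The algorithm is fixed (nothing about the input chooses it), a missing
    secret fails closed instead of degrading to an unkeyed hash, and the
    comparison is constant-time."""
    if not secret:
        return "UNCONFIGURED"
    expected = make_hardened_token(message, secret)
    return "VALID" if hmac.compare_digest(expected, supplied) else "INVALID"


def audit_signature_tokens(conf: Dict[str, str], modules: List[str]) -> List[str]:
    """Configuration check: list every <MODULE>_ONLINE_SIGNATURE_SECURITY_TOKEN
    that is absent or empty, so an operator can set it before exposing
    online-signature links. The module list is supplied by the caller."""
    missing = []
    for module in modules:
        key = module + TOKEN_SUFFIX
        if not conf.get(key):
            missing.append(key)
    return missing


if __name__ == "__main__":
    # Constructed sample values, not taken from any real installation.
    msg = signed_message("proposal", "PR2604-0007")
    unkeyed = legacy_md5_token(msg, "")  # computable without any secret
    print("downgradeable verifier, empty secret, MD5-shaped token:",
          verify_downgradeable(msg, "", unkeyed))
    print("hardened verifier, empty secret:", verification_status(msg, "", unkeyed))
    print("hardened verifier, MD5-shaped token:",
          verification_status(msg, "constructed-secret", unkeyed))
    good = make_hardened_token(msg, "constructed-secret")
    print("hardened verifier, real token:", verification_status(msg, "constructed-secret", good))
    # CONTRACT_... is a constructed key name used only for this check.
    conf = {"PROPOSAL_ONLINE_SIGNATURE_SECURITY_TOKEN": "",
            "CONTRACT_ONLINE_SIGNATURE_SECURITY_TOKEN": "set"}
    print("unset tokens:", audit_signature_tokens(conf, ["PROPOSAL", "CONTRACT"]))
```

The hardened verifier never inspects the supplied value to decide how to check it, and it treats an unset secret as a deployment error rather than as a valid (empty) key; the audit helper is the operational counterpart, flagging modules whose token is still blank.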