| عنوان | crocodilestick Calibre-Web-Automated v1.0.0-v4.0.6 IDOR in auth-token generation leading to account takeover |
|---|
| الوصف | An Insecure Direct Object Reference (IDOR) vulnerability in crocodilestick/Calibre-Web-Automated allows an authenticated user to impersonate any other user on the platform. The endpoint /kobo_auth/generate_auth_token/<int:user_id> does not validate if the requester has administrative privileges or matches the targeted user_id. An attacker can generate a long-lived auth token for a victim and use it against the /kobo/<auth_token>/v1/initialization route. user_id is an integer that increments from 1, so it is easy to guess the administrator's user_id. Because the application calls login_user(user) based on the token owner within the requires_kobo_auth decorator, this leads to a complete session takeover and persistent impersonation of the victim. |
|---|
| المصدر | ⚠️ https://gist.github.com/menelausx/ef98aa78ed2869ccaa316ff45ed1a440 |
|---|
| المستخدم | JasperX (UID 97281) |
|---|
| ارسال | 16/04/2026 08:52 AM (2 أشهر منذ) |
|---|
| الاعتدال | 03/05/2026 09:59 AM (17 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 360889 [crocodilestick Calibre-Web-Automated حتى 4.0.6 Kobo auth-token Route cps/kobo_auth.py generate_auth_token تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|