CVE-2018-8979 in Open-AudIT Professional
Summary
by MITRE
Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/06/2025
CVE-2018-8979 represents a cross-site request forgery vulnerability in Open-AudIT Professional version 2.1 that enables attackers to perform unauthorized actions on behalf of authenticated users. This vulnerability exists within the credentials URI handling mechanism of the web application, allowing malicious actors to manipulate user accounts or inject cross-site scripting payloads. The flaw stems from insufficient validation of request origins and lack of proper anti-CSRF token implementation in the application's authentication and user management interfaces. The vulnerability specifically affects the credential management functionality where users can modify account details or inject malicious scripts, creating a significant security risk for organizations relying on this auditing tool. The attack vector typically involves tricking authenticated users into clicking malicious links or visiting compromised websites that submit forged requests to the Open-AudIT application. This type of vulnerability falls under CWE-352, which categorizes cross-site request forgery flaws, and aligns with ATT&CK technique T1566.001 for initial access through spearphishing attachments. The operational impact includes potential account takeovers, privilege escalation, and persistent XSS attacks that could compromise entire user sessions. Organizations using Open-AudIT Professional 2.1 should immediately implement CSRF token validation, enforce strict origin checking mechanisms, and ensure all user management operations require proper authentication tokens. Additionally, the application should be updated to a patched version that addresses this vulnerability, as the default configuration leaves users exposed to session hijacking and data manipulation attacks. The vulnerability demonstrates poor input validation and insufficient request integrity checks that are fundamental security requirements for web applications handling user credentials and sensitive system functions. Security teams should conduct comprehensive penetration testing to identify similar CSRF vulnerabilities in other application components and implement robust web application firewalls to detect and prevent such attacks. The risk assessment should include evaluating the potential for privilege escalation through account modification and the broader impact on system integrity when attackers can inject malicious scripts through the credential management interface.