CVE-2023-53775 in Screen SFT DAB

Summary

by MITRE • 12/11/2025

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials without proper authentication.

Analysis

by VulDB Data Team • 01/02/2026

The vulnerability identified as CVE-2023-53775 affects Screen SFT DAB version 1.9.3 and represents a critical authentication bypass flaw that undermines the system's user management security controls. This vulnerability stems from insufficient session management mechanisms that fail to properly validate session authenticity and user authorization status. The flaw specifically targets the userManager API endpoint, which handles user credential modifications, creating a pathway for unauthorized individuals to manipulate user accounts without legitimate authentication credentials.

Technically, the vulnerability lies in weak session management controls that allow attackers to reuse IP-bound session identifiers. Session tokens remain valid across different user contexts, so an attacker who obtains a valid session identifier can leverage it to make unauthorized requests to the userManager API. This session reuse bypasses standard authentication because the system does not verify that the session identifier matches the requesting user's current session state or its IP address binding. The weakness aligns with CWE-613 (insufficient session expiration) and is a classic case of session hijacking enabled by weak session management.

The operational impact of this vulnerability is severe as it provides attackers with the ability to modify user credentials without proper authentication, potentially leading to complete account compromise and unauthorized system access. An attacker could change passwords for any user account within the system, effectively gaining persistent access to user resources and potentially escalating privileges to administrative levels. The vulnerability affects the integrity and confidentiality of user data, as unauthorized modifications to user credentials can result in unauthorized access to sensitive information and system resources. This weakness directly impacts the system's authentication and authorization mechanisms, undermining the principle of least privilege and potentially enabling lateral movement within the network.

Mitigation should focus on robust session management: proper session token generation, validation, and expiration. Session identifiers should be bound to the client's IP address and user agent so that a token cannot be reused from a different context, and the server should enforce strict validation of the session before granting access to privileged API endpoints such as userManager. Multi-factor authentication and regular session token rotation further reduce the risk of session hijacking. Session activity should be monitored and logged so that anomalous access patterns indicating session reuse can be detected. This vulnerability demonstrates the importance of secure coding practices and of defense in depth as outlined in the NIST Cybersecurity Framework, and VulDB aligns it with ATT&CK technique T1566, which it describes as covering credential harvesting through session hijacking and credential reuse attacks.
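The controls described above (binding a session to the client's IP address and User-Agent, expiring it, requiring a validated and authorized session before a credential change, and logging mismatches for detection), shown as an added illustration that is not Screen SFT DAB's own code; the session lifetime, the role names, and the userManager-style handler signature are assumptions.

```python
import secrets
import time

SESSION_TTL = 900    # absolute session lifetime in seconds (assumed policy)


class SessionStore:
    """Sessions bound to client IP and User-Agent, with expiry and an audit trail."""

    def __init__(self, now=time.time):
        self.now = now          # injectable clock so expiry can be tested
        self._sessions = {}     # sid -> dict(user, ip, ua, created)
        self.audit = []         # anomaly lines a SOC would alert on

    def create(self, user, client_ip, user_agent):
        sid = secrets.token_urlsafe(32)   # unguessable identifier
        self._sessions[sid] = dict(user=user, ip=client_ip, ua=user_agent,
                                   created=self.now())
        return sid

    def validate(self, sid, client_ip, user_agent):
        """Return the session's user if this request may use it, else None.
        A binding mismatch destroys the session and is logged; that is what
        catches an identifier replayed from another host or client."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self.now() - s["created"] > SESSION_TTL:
            del self._sessions[sid]
            self.audit.append(f"expired session user={s['user']}")
            return None
        if (s["ip"], s["ua"]) != (client_ip, user_agent):
            del self._sessions[sid]
            self.audit.append(f"binding mismatch user={s['user']} "
                              f"bound_ip={s['ip']} request_ip={client_ip}")
            return None
        return s["user"]


def change_password(store, sid, client_ip, user_agent, target, new_hash,
                    users, admins=()):
    """userManager-style handler (assumed shape): a validated session is
    required, and the actor may change only their own credential unless admin."""
    actor = store.validate(sid, client_ip, user_agent)
    if actor is None:
        return False
    if actor != target and actor not in admins:
        store.audit.append(f"denied credential change actor={actor} target={target}")
        return False
    users[target] = new_hash
    return True
```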

Responsible

VulnCheck

Reservation

12/09/2025

Disclosure

12/11/2025

Moderation

accepted

CPE

ready

EPSS

0.00154

KEV

no

Activities

very low
