CVE-2025-30236 in SecurAccess Enrol
Summary
by MITRE • 03/19/2025
Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter.
Analysis
by VulDB Data Team • 06/07/2025
CVE-2025-30236 affects Shearwater SecurEnvoy SecurAccess Enrol versions before 9.4.515 and is an authentication bypass in the Enrol component, the part of the product that provides access control and authentication for enrolment. When an HTTP POST request to the login flow carries a SESSION parameter, the request is routed past the password check, so a user can be authenticated without the password factor ever being verified. For a product whose purpose is to enforce multi-factor authentication, that is a weakness in the core of its security posture, not a peripheral one.
Technically the flaw is one of authentication flow control rather than of cryptography: the TOTP check itself is not reported to be broken, but the mere presence of a client-supplied SESSION parameter is enough to divert the request onto a branch that checks only the six-digit TOTP code. Authentication therefore collapses from two factors to one. An attacker who holds a valid current code for the target account, whether captured, phished, or guessed from a space of only one million values within the code's validity window, can log in without knowing the password. This is not credential stuffing (no reused passwords are involved); it is a missing-factor bypass, classified under CWE-287 (Improper Authentication), and it defeats the purpose of multi-factor authentication on the affected endpoint.
The operational impact is severe for organisations exposing an affected Enrol instance. An attacker who can obtain or guess a current TOTP code for a known account gains access without that account's password, and if the account is privileged that can mean administrative access, with the usual consequences: data exposure, further compromise, and regulatory, financial and reputational fallout. Exploitation requires little skill, since the request differs from a normal login only by the extra parameter and the omitted password. The six-digit code still offers some protection, but on its own it is a short-lived, low-entropy secret; whether it can be brute-forced online depends entirely on rate limiting and lockout, controls that the password factor was supposed to back up rather than replace.
Remediation is to upgrade SecurAccess Enrol to version 9.4.515 or later, which contains the fix for the bypass; confirm the installed version after patching rather than assuming the update applied. Until the upgrade is in place, restrict network access to the Enrol endpoint to the networks that need it and segment it from sensitive systems so that a bypassed login has limited reach. Add monitoring for the tell-tale pattern: successful authentications on Enrol that were not preceded by a password verification for the same session, and bursts of failed TOTP submissions for one account or from one source address. In ATT&CK terms the weakness maps to T1078 Valid Accounts (the attacker authenticates as a legitimate user without the full credential) and T1566 Phishing (the one-time code can be solicited from the user). Beyond the patch, review authentication policy: enforce lockout or throttling on second-factor failures, alert on authentication events that skip a factor, and make sure the Enrol login flow feeds the same logging pipeline as the main authentication service.
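A worked model of the vulnerable branch next to a hardened flow, added here as an illustration; it is not SecurEnvoy's code and is not taken from the advisory. It covers the flow-control error described in the Analysis above and the lockout control recommended under mitigation. The request handling, user record, session store and attempt cap are hypothetical, the user data is constructed, and only the OTP routines follow a public specification (RFC 4226 HOTP and RFC 6238 TOTP, which can be checked against the RFCs' test vectors).

```python
import hashlib
import hmac
import secrets
import struct

# Hypothetical model written for this page, not SecurEnvoy code. It reproduces
# the behaviour the advisory describes (a SESSION POST parameter diverts the
# request past the password check) beside a hardened two-step flow.

DIGITS = 6
STEP = 30
PBKDF2_ROUNDS = 100_000

def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: int, step: int = STEP) -> str:
    """RFC 6238 TOTP: HOTP keyed on the current time step."""
    return hotp(secret, now // step)

def verify_totp(secret: bytes, code: str, now: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side for clock skew."""
    if not (len(code) == DIGITS and code.isascii() and code.isdigit()):
        return False
    return any(
        hmac.compare_digest(totp(secret, now + d * STEP), code)
        for d in range(-window, window + 1)
    )

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

# Constructed user record: salt, password and TOTP seed are made up.
USERS = {
    "alice": {
        "salt": b"constructed-salt",
        "pw_hash": _pw_hash("correct horse", b"constructed-salt"),
        "totp_secret": b"constructed-totp-seed",
    }
}

def check_password(user: str, password: str) -> bool:
    rec = USERS.get(user)
    return rec is not None and hmac.compare_digest(
        _pw_hash(password, rec["salt"]), rec["pw_hash"])

def login_vulnerable(form: dict, now: int) -> bool:
    """Pre-fix pattern as the page describes it: if the POST carries a SESSION
    parameter the password step is skipped and only the TOTP code is checked.
    Any attacker-chosen SESSION value, even "x", takes this branch."""
    user = form.get("username", "")
    rec = USERS.get(user)
    if rec is None:
        return False
    if "SESSION" not in form:
        if not check_password(user, form.get("password", "")):
            return False
    return verify_totp(rec["totp_secret"], str(form.get("totp", "")), now)

# Hardened flow: password state lives server-side under an unguessable id, so
# a client-supplied SESSION value proves nothing unless the server issued it.
SESSIONS: dict = {}
MAX_TOTP_ATTEMPTS = 5

def start_session(user: str, password: str):
    """Step one: password check. Returns a session id, or None on failure."""
    if not check_password(user, password):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "attempts": 0}
    return sid

def login_fixed(form: dict, now: int) -> bool:
    """Step two: TOTP check bound to a server-issued session. The attempt cap
    stops the 10^6 code space being enumerated; the session is single-use."""
    sid = str(form.get("SESSION", ""))
    sess = SESSIONS.get(sid)
    if sess is None:
        return False
    if sess["attempts"] >= MAX_TOTP_ATTEMPTS:
        SESSIONS.pop(sid, None)
        return False
    sess["attempts"] += 1
    ok = verify_totp(USERS[sess["user"]]["totp_secret"],
                     str(form.get("totp", "")), now)
    if ok:
        SESSIONS.pop(sid, None)
    return ok
```

The difference between the two handlers is where the "password already checked" fact is stored. In login_vulnerable it is inferred from a parameter the client controls, so the client can assert it; in login_fixed it exists only as a server-side session created by start_session, and the second step additionally caps guesses and discards the session after use, so a lone six-digit code is neither sufficient nor enumerable.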