Submit #808326: Industrial Application Software - IAS Canias ERP 8.03-- Improper Authentication (CWE-287), (CWE-200)

Title: Industrial Application Software - IAS Canias ERP 8.03-- Improper Authentication (CWE-287), (CWE-200)
Description: A vulnerability was found in Industrial Application Software caniasERP 8.03 and classified as high. The affected function is doAction of the component Login RMI Interface (default TCP port 27499). The manipulation with an empty username and empty password leads to improper authentication causing pre-authentication information disclosure. It is possible to initiate the attack remotely without authentication. Despite returning a USERWRONGPASSWORD status code — correctly denying login — the server pre-loads a complete user profile into the response object before authentication validation completes. The already-populated response is returned to the unauthenticated caller containing the full profile of an arbitrary user record selected from the database. The returned user is non-deterministic across requests, meaning repeated calls may leak profiles of different system users. The disclosed data includes the user's full name, surname, username, a valid session ID freshly assigned per request, a security key, the caller's network address as seen by the server, the complete menu and module permission tree, database name, database server address, server timezone, and server filesystem paths. Exploitation requires the clientVersion field in the request to exactly match the server's expected version string. This string is obtainable without authentication via the companion GETSERVERINFO vulnerability, making the full attack chain require no prior knowledge or credentials. Discovered by Bilal Güneş (@b1lal) of HawkTrace.
Source: https://gist.github.com/0xb1lal/758bbc5e4d82efea248e675da934ac69
User: b1lal (UID 97312)
Submission: 20.04.2026 18:30 (1 month ago)
Moderation: 09.05.2026 18:33 (19 days later)
Status: Accepted
VulDB Entry: 362460 [Industrial Application Software IAS Canias ERP 8.03 Login RMI Interface clientVersion weak authentication]
Points: 20