| Field | Value |
|---|---|
| Title | mall 1.0.3 Improper Access Controls |
| Description | The POST /admin/update/{id} endpoint accepts a full UmsAdmin entity via @RequestBody, allowing any super administrator to overwrite another super administrator's password without knowing their current password, bypassing the purpose-built /admin/updatePassword endpoint that correctly requires old-password verification. This creates a lateral lockout attack vector: a single rogue super admin (or an attacker who compromises one super admin's JWT token) can silently change the passwords of all other super admins in a single pass, permanently locking them out of the system. The attack leaves no audit trail distinct from a routine profile update, and the same controller also leaks bcrypt password hashes through GET /admin/{id}, enabling offline credential cracking. While exploitation requires an existing super-admin credential, the impact is irreversible system-wide account takeover: once all other super admins are locked out, the attacker gains exclusive privileged access with no recovery path short of direct database manipulation. |
| Source | https://github.com/macrozheng/mall/issues/970 |
| User | AliceS614 (UID 94277) |
| Submission | 03/05/2026 10:53 AM (1 month ago) |
| Moderation | 29/05/2026 10:39 AM (26 days later) |
| Status | Accepted |
| VulDB Entry | 367156 [macrozheng mall up to 1.0.3 Super Admin Password /admin/update/ privilege escalation] |
| Points | 20 |
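The fix pattern for the weakness described above, as an added Spring Boot example that is not code from the macrozheng/mall repository: the profile endpoint binds an allowlist DTO with no password field, so a `password` key in the JSON body has nothing to land on; password changes stay on the dedicated `/admin/updatePassword` endpoint, which verifies the old password with the `PasswordEncoder` before storing a new hash; and the read endpoint returns a view object without the hash. The entity shape, the `AdminRepository` interface and the DTO class names are assumptions made for the illustration.

```java
// Added illustration of the hardened pattern; not macrozheng/mall's own code.
// Assumes Spring Boot 2.x with Spring Security's PasswordEncoder (BCrypt) wired as a bean.
import org.springframework.http.ResponseEntity;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.*;

/** Stand-in for the persisted admin entity (assumed shape). */
class UmsAdmin {
    Long id;
    String username;
    String password;   // bcrypt hash, never returned to clients
    String email;
    String nickName;
    Integer status;
}

/** Allowlist DTO for POST /admin/update/{id}: deliberately has no password field. */
class UmsAdminUpdateParam {
    public String email;
    public String nickName;
    public Integer status;
}

/** Body for POST /admin/updatePassword: old password is mandatory proof of possession. */
class UpdateAdminPasswordParam {
    public String username;
    public String oldPassword;
    public String newPassword;
}

/** Response view for GET /admin/{id}: carries no hash. */
class UmsAdminView {
    public Long id;
    public String username;
    public String email;
    public String nickName;
    public Integer status;
}

/** Persistence stand-in (assumption); a real project would use a MyBatis mapper. */
interface AdminRepository {
    UmsAdmin findById(Long id);
    UmsAdmin findByUsername(String username);
    void save(UmsAdmin admin);
}

@RestController
@RequestMapping("/admin")
public class HardenedAdminController {
    private final AdminRepository repo;
    private final PasswordEncoder passwordEncoder;

    public HardenedAdminController(AdminRepository repo, PasswordEncoder passwordEncoder) {
        this.repo = repo;
        this.passwordEncoder = passwordEncoder;
    }

    /** Profile update: copies only allowlisted fields; the stored hash is never touched here. */
    @PostMapping("/update/{id}")
    public ResponseEntity<String> update(@PathVariable Long id, @RequestBody UmsAdminUpdateParam param) {
        UmsAdmin admin = repo.findById(id);
        if (admin == null) {
            return ResponseEntity.notFound().build();
        }
        if (param.email != null) admin.email = param.email;
        if (param.nickName != null) admin.nickName = param.nickName;
        if (param.status != null) admin.status = param.status;
        repo.save(admin);
        return ResponseEntity.ok("updated");
    }

    /** Password change: requires the current password; same reply for unknown user and bad password. */
    @PostMapping("/updatePassword")
    public ResponseEntity<String> updatePassword(@RequestBody UpdateAdminPasswordParam param) {
        if (param.username == null || param.oldPassword == null || param.newPassword == null) {
            return ResponseEntity.badRequest().body("missing parameter");
        }
        UmsAdmin admin = repo.findByUsername(param.username);
        if (admin == null || !passwordEncoder.matches(param.oldPassword, admin.password)) {
            return ResponseEntity.status(403).body("old password incorrect");
        }
        admin.password = passwordEncoder.encode(param.newPassword);
        repo.save(admin);
        return ResponseEntity.ok("password updated");
    }

    /** Read: map the entity to a view so the bcrypt hash cannot leak through GET /admin/{id}. */
    @GetMapping("/{id}")
    public ResponseEntity<UmsAdminView> getItem(@PathVariable Long id) {
        UmsAdmin admin = repo.findById(id);
        if (admin == null) {
            return ResponseEntity.notFound().build();
        }
        UmsAdminView view = new UmsAdminView();
        view.id = admin.id;
        view.username = admin.username;
        view.email = admin.email;
        view.nickName = admin.nickName;
        view.status = admin.status;
        return ResponseEntity.ok(view);
    }
}
```

With Spring Boot's default Jackson settings an unknown `password` key in the update body is silently discarded; if you would rather reject such requests outright, enable `spring.jackson.deserialization.fail-on-unknown-properties=true` so they fail with 400 instead. Logging a distinct audit event from `updatePassword` (and none from `update`) also gives incident responders the trail the report notes is missing.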