| タイトル | AstrBotDevs AstrBot <= 4.25.5 Authentication Bypass by Spoofing (CWE-290) |
|---|
| 説明 | # Technical Details
An authentication bypass by spoofing exists in the `OpenApiRoute.chat_send` method in `astrbot/dashboard/routes/open_api.py` of AstrBot.
The application authenticates OpenAPI callers with an API key, but later derives the effective command sender identity from the request-body `username`. A caller holding a valid `chat`-scope API key can submit `username="astrbot"` and be treated as an administrator by the downstream message pipeline.
# Vulnerable Code
File: `astrbot/dashboard/server.py`
Method: OpenAPI API-key middleware
Why: The middleware stores the trusted authenticated principal as `g.username = f"api_key:{api_key.key_id}"`.
File: `astrbot/dashboard/routes/open_api.py`
Method: `OpenApiRoute.chat_send`
Why: The handler accepts user-controlled JSON `username`, resolves it, and overwrites the trusted principal with `g.username = effective_username`.
File: `astrbot/core/platform/sources/webchat/webchat_adapter.py`
Method: `WebChatAdapter.convert_message`
Why: The adapter creates the sender object from attacker-controlled queue data using `MessageMember(username, username)`.
File: `astrbot/core/pipeline/waking_check/stage.py`
Method: `WakingCheckStage.process`
Why: The admin authorization check trusts `event.get_sender_id()` and assigns `event.role = "admin"` when it matches `admins_id`.
# Reproduction
1. Run AstrBot `<= 4.25.5` with dashboard and OpenAPI endpoints enabled.
2. Create a valid OpenAPI key with `chat` scope.
3. Send a control request to `POST /api/v1/chat` with `username="not-admin-user"` and message `"/name control_alias"`; observe that the admin-only command is denied.
4. Send an exploit request to `POST /api/v1/chat` with header `X-API-Key: <chat-scope-api-key>` and JSON body `{"username":"astrbot","session_id":"spoofed-session","message":"/name pwned_alias","enable_streaming":true}`.
5. Observe that the response contains `UMO name set to: pwned_alias`.
6. Confirm persistence in `data/data_v4.db` where the alias row has `creator_sender_id="astrbot"`.
# Impact
- A valid `chat`-scope API key holder can impersonate an administrator sender ID.
- Admin-only builtin commands and plugins gated by `event.get_sender_id()` can become reachable over HTTP.
- In the verified case, the attacker executed `/name` and persisted a forged alias record as the administrator identity. |
|---|
| ソース | ⚠️ https://gist.github.com/YLChen-007/080ba55a71588dbbba3f27afed4c072c |
|---|
| ユーザー | Eric-d (UID 96861) |
|---|
| 送信 | 2026年06月09日 12:05 (1 月 ago) |
|---|
| モデレーション | 2026年07月17日 15:39 (1 month later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 379791 [AstrBotDevs AstrBot 迄 4.25.5 API open_api.py OpenApiRoute.chat_send ユーザー名 弱い認証] |
|---|
| ポイント | 20 |
|---|