| 제목 | Dolibarr Dolibarr ERP/CRM 23.0.2 Authentication Bypass Issues |
|---|
| 설명 | Reported to vendor ([email protected]) on April 10, 2026.Description:
Critical Authentication Bypass via Cryptographic Downgrade
A high-impact authentication bypass vulnerability exists in Dolibarr ERP/CRM within the "Online Signature" module (newonlinesign.php and ajax/onlineSign.php).
The vulnerability is caused by a logic flaw in the dol_verifyHash function located in htdocs/core/lib/security.lib.php. The function improperly implements a cryptographic fallback mechanism that automatically downgrades to the legacy MD5 algorithm if the provided hash length is 32 characters.
In environments where the *_ONLINE_SIGNATURE_SECURITY_TOKEN (e.g., PROPOSAL_ONLINE_SIGNATURE_SECURITY_TOKEN) is not explicitly configured, the hashing seed remains an empty string. By exploiting this, an unauthenticated remote attacker can pre-calculate a valid MD5 hash based solely on predictable metadata (document type and reference).
By providing this forged 32-character MD5 hash as the securekey parameter, the attacker can successfully bypass all authentication checks.
Impact:
An unauthenticated attacker can gain full access to sensitive documents, including business proposals, contracts, and intervention reports. Furthermore, the attacker can forge, submit, or decline online signatures, compromising the integrity of the ERP’s legal and financial workflows.
Vulnerability Type: CWE-347 (Improper Verification of Cryptographic Signature) / CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). |
|---|
| 원천 | ⚠️ https://gist.github.com/Shaon-Xis/d6ae069fc54f006457b68a91d5a8e158 |
|---|
| 사용자 | yan1451 (UID 94854) |
|---|
| 제출 | 2026. 04. 10. AM 07:22 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 05. 02. PM 06:27 (22 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 360859 [Dolibarr ERP CRM 까지 23.0.2 Online Signature security.lib.php dol_verifyHash 약한 인증] |
|---|
| 포인트들 | 20 |
|---|