| Название | Dolibarr Dolibarr ERP/CRM 23.0.2 Authentication Bypass Issues |
|---|
| Описание | Reported to vendor ([email protected]) on April 10, 2026.Description:
Critical Authentication Bypass via Cryptographic Downgrade
A high-impact authentication bypass vulnerability exists in Dolibarr ERP/CRM within the "Online Signature" module (newonlinesign.php and ajax/onlineSign.php).
The vulnerability is caused by a logic flaw in the dol_verifyHash function located in htdocs/core/lib/security.lib.php. The function improperly implements a cryptographic fallback mechanism that automatically downgrades to the legacy MD5 algorithm if the provided hash length is 32 characters.
In environments where the *_ONLINE_SIGNATURE_SECURITY_TOKEN (e.g., PROPOSAL_ONLINE_SIGNATURE_SECURITY_TOKEN) is not explicitly configured, the hashing seed remains an empty string. By exploiting this, an unauthenticated remote attacker can pre-calculate a valid MD5 hash based solely on predictable metadata (document type and reference).
By providing this forged 32-character MD5 hash as the securekey parameter, the attacker can successfully bypass all authentication checks.
Impact:
An unauthenticated attacker can gain full access to sensitive documents, including business proposals, contracts, and intervention reports. Furthermore, the attacker can forge, submit, or decline online signatures, compromising the integrity of the ERP’s legal and financial workflows.
Vulnerability Type: CWE-347 (Improper Verification of Cryptographic Signature) / CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). |
|---|
| Источник | ⚠️ https://gist.github.com/Shaon-Xis/d6ae069fc54f006457b68a91d5a8e158 |
|---|
| Пользователь | yan1451 (UID 94854) |
|---|
| Представление | 10.04.2026 07:22 (2 месяцы назад) |
|---|
| Модерация | 02.05.2026 18:27 (22 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 360859 [Dolibarr ERP CRM до 23.0.2 Online Signature security.lib.php dol_verifyHash слабая аутентификация] |
|---|
| Баллы | 20 |
|---|