| Field | Value |
|---|---|
| Title | Kodbox 1.64 Improper Access Controls |
| Description | In kodbox, when a collaborative folder is shared internally and protected with a folderPassword, only the directory-listing APIs (such as explorer/list/path) actually enforce that password. The core access-control logic in app/controller/explorer/auth.class.php::can() returns immediately after checkShare() for KOD_SHARE_ITEM paths and never reaches the subsequent folder-password checks. As a result, a low-privilege collaborator who cannot list the folder contents without entering the password can still download files from that folder directly via explorer/index/fileOut with a path of the form {shareItem:<shareID>}/<fileSourceID>, bypassing the folder password entirely. Fixing this requires applying explorer.listPassword->authCheck() and the related checks to share-item paths as well, and centralizing folder-password enforcement so that it runs before every read operation (file download, editor read, zip download, etc.), not only on listing endpoints. |
| Source | https://vulnplus-note.wetolink.com/share/xdk9igJ3sulk |
| User | vulnplusbot (UID 96250) |
| Submission | 03/09/2026 05:12 (1 month ago) |
| Moderation | 03/25/2026 15:11 (16 days later) |
| Status | Accepted |
| VulDB entry | 353128 [kalcaddle kodbox 1.64 Password-protected Share auth.class.php can improper authentication] |
| Points | 20 |
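The control-flow shape behind this bug, as an added illustration that is not kodbox's code: the function names (canVulnerable, canFixed, checkShare, folderPasswordOk, parsePath), the share table and the session are invented here to mirror the description. The vulnerable variant returns from the share-item branch as soon as the membership check passes, so only an endpoint that bolts on its own password check (the listing endpoint) enforces it; the hardened variant makes the folder-password check part of the central authorization decision for every read action.

```php
<?php
// Illustrative model of the flaw in the description. NOT kodbox code:
// all names and data below are assumptions built to mirror the write-up.

const KOD_SHARE_ITEM = 'shareItem';

// Read actions that must all be gated by the folder password.
const READ_ACTIONS = ['list', 'fileOut', 'editorRead', 'zipDownload'];

// Constructed sample state: one password-protected internal share with
// member "bob", and a session for bob that has not entered the password.
$shares = [
    '42' => ['owner' => 'alice', 'members' => ['bob'], 'folderPassword' => 's3cret'],
];
$session = ['user' => 'bob', 'unlockedFolders' => []];

// Parse "{shareItem:42}/1234" into type/id/subpath (regex is an assumption).
function parsePath(string $path): ?array {
    if (!preg_match('#^\{(\w+):([^}]+)\}/?(.*)$#', $path, $m)) {
        return null;
    }
    return ['type' => $m[1], 'id' => $m[2], 'sub' => $m[3]];
}

// Membership check: is the session user a collaborator on this share?
function checkShare(array $shares, array $session, string $shareId): bool {
    return isset($shares[$shareId])
        && in_array($session['user'], $shares[$shareId]['members'], true);
}

// Folder-password check: protected folders require an unlock in this session.
function folderPasswordOk(array $shares, array $session, string $shareId): bool {
    if (empty($shares[$shareId]['folderPassword'])) {
        return true;
    }
    return in_array($shareId, $session['unlockedFolders'], true);
}

// Vulnerable shape: the share-item branch returns on the membership result
// alone, so the password check further down is never reached for it.
function canVulnerable(array $shares, array $session, string $path, string $action): bool {
    $p = parsePath($path);
    if ($p === null) {
        return false;
    }
    if ($p['type'] === KOD_SHARE_ITEM) {
        return checkShare($shares, $session, $p['id']);   // early return: bypass
    }
    return false; // other path types omitted in this model
}

// Only the listing endpoint adds its own password check on top of can();
// fileOut and friends rely on can() alone, which is where the bypass lives.
function listPathVulnerable(array $shares, array $session, string $path): bool {
    $p = parsePath($path);
    return $p !== null
        && canVulnerable($shares, $session, $path, 'list')
        && folderPasswordOk($shares, $session, $p['id']);
}
function fileOutVulnerable(array $shares, array $session, string $path): bool {
    return canVulnerable($shares, $session, $path, 'fileOut');
}

// Hardened shape: membership AND folder password are decided centrally,
// for every read action, before any endpoint-specific logic runs.
function canFixed(array $shares, array $session, string $path, string $action): bool {
    $p = parsePath($path);
    if ($p === null) {
        return false;
    }
    if ($p['type'] === KOD_SHARE_ITEM) {
        if (!checkShare($shares, $session, $p['id'])) {
            return false;
        }
        if (in_array($action, READ_ACTIONS, true)
            && !folderPasswordOk($shares, $session, $p['id'])) {
            return false;
        }
        return true;
    }
    return false;
}

$path = '{shareItem:42}/1234';
var_dump(listPathVulnerable($shares, $session, $path)); // listing: password enforced
var_dump(fileOutVulnerable($shares, $session, $path));  // download: password skipped
var_dump(canFixed($shares, $session, $path, 'fileOut')); // download: now blocked

$session['unlockedFolders'][] = '42'; // after the collaborator enters the password
var_dump(canFixed($shares, $session, $path, 'fileOut')); // download: allowed
```

Run with `php model.php`. The first two dumps show the asymmetry the advisory describes (listing denied, download allowed for the same session and path); the third shows the hardened can() denying the download until the folder is unlocked, and the last shows it allowing the download once it is. The design point is that the password gate lives in the one function every read endpoint already calls, so a new endpoint cannot forget it.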