| 标题 | Mist.io Mist Community Edition (CE) 4.7.1 Improper Access Controls |
|---|
| 描述 | Description
Mist Community Edition (CE) before v4.7.2 is affected by a critical security vulnerability that allows unauthenticated attackers to generate valid API tokens for any user, including administrators. By exploiting this flaw, an attacker can gain unauthorized access to user accounts, leading to potential full account takeovers. The vulnerability arises due to improper access control in the token creation process, where the system fails to verify the authenticity of the requester, relying solely on the provided email address. This issue requires no user interaction and can be exploited remotely.
For full technical details, including proof of concept steps and video please refer to my GitHub repository in the "Advisory / Exploit" field below.
Affected Versions
Vulnerable: ≤ 4.7.1
Fixed: 4.7.2
Suggested Severity
9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor Coordination:
The vulnerability was responsibly disclosed to the Mist Community Edition maintainer. They acknowledged the report and explicitly agreed to a potential CVE assignment. A fix was implemented and released in version 4.7.2.
Mist CE Release 4.7.2 (Patched): https://github.com/mistio/mist-ce/releases/tag/v4.7.2
Fix Commit: https://github.com/mistio/mist.api/commit/db10ecb62ac832c1ed4924556d167efb9bc07fad
Discovered by
Alex Perrakis (Stolichnayer)
Efstratios Chatzoglou (efchatz)
Georgios Kambourakis |
|---|
| 来源 | ⚠️ https://github.com/Stolichnayer/mist-ce-account-takeover |
|---|
| 用户 | alexperrakis (UID 85369) |
|---|
| 提交 | 2025-05-23 12時40分 (1 年前) |
|---|
| 管理 | 2025-05-31 18時51分 (8 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 310749 [Mist Community Edition 直到 4.7.1 API Token views.py create_token 权限提升] |
|---|
| 积分 | 20 |
|---|