Posts Rukovoditel | CSRF Bypass -> Account Takeover - CVE-2020-11818
Post
Cancel

Rukovoditel | CSRF Bypass -> Account Takeover - CVE-2020-11818

Jan 14, 2020 2020-01-14T11:33:00+08:00 by Fatih Çelik
1 min

Vendorhttps://sourceforge.net/projects/rukovoditel/

Version: 2.5.2

Vulnerability: CSRF Bypass -> Account Takeover

CVE: CVE-2020-11818

CVSS 3.x Base Score8.8 HIGH

Rukovoditel is a free web-based open-source project management application. A far cry from traditional applications, Rukovoditel gives users a broader and extensive approach to project management. Its customization options allow users to create additional entities, modify and specify the relationship between them, and generate the necessary reports. The platform enables users to craft their own application that is specifically tailored for their activity (CRM, ERP, HRM, WMS, etc.).

In Rukovoditel V2.5.2 has form_session_token to prevent CSRF attacks. But this prevention mechanism can be bypassed with another user’s valid token. So, attacker can change Admin’s password using CSRF attack and takeover admin’s account.

As you can see below, attacker obtains her/his valid form_session_token and inject this token into admin’s form to be able to change admin’s password.

Vulnerability Research
vulnerability research
This post is licensed under CC BY 4.0 by the author.
Recent Update

Rukovoditel - Maintenance Mode Configuration | RCE - CVE-2020-11817

Rukovoditel | RCE | Local File Inclusion | CVE-2020-11819