Mend Vulnerability Database
Date: October 10, 2021
Overview
In the “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to improper session termination after a password change. When a password has been changed by the user or by an administrator, a user who was already logged in will still have access to the application even after the password was changed.
Details
The “Calibre-web” application is vulnerable to “Cross site request forgery”. By forcing an authenticated user to submit a request, it is possible to create a new user role with admin privileges.
PoC Details
For demonstration purposes we will use two users:
1. Alice, a user of the application.
2. Admin, an administrator user.
Log in to the application as Alice, and in another browser log in as Admin.
As Admin, navigate to the “Users” tab under the “Security” section on the left panel. You can see Alice listed there. Press “Edit Password” for Alice, and change the password.
Meanwhile, Alice is connected on a different browser, and can still access the account and perform some actions (upload pages, etc.) even after the password has been changed.
Affected Environments
OrchardCore versions 1.0.0-beta1-3383 to 1.0.0
Remediation
Make sure the current session of a user gets invalidated when their password is changed, and cannot be reused.
Prevention
No fix was provided by the maintainer.
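One way to implement the remediation above, shown as an added example that is not OrchardCore's or Mend's code: a constructed in-memory Python model in which every session records a per-user stamp that is rotated on each password change and checked on each request. `AccountStore`, its methods and the `keep_token` parameter are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import secrets


class AccountStore:
    """Constructed model (not OrchardCore code): users plus server-side sessions."""

    def __init__(self):
        self._users = {}     # username -> {"salt", "pw_hash", "stamp"}
        self._sessions = {}  # session token -> (username, stamp seen at login)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def create_user(self, username, password):
        salt = secrets.token_bytes(16)
        # A fresh random stamp is issued with every credential change.
        self._users[username] = {"salt": salt,
                                 "pw_hash": self._hash(password, salt),
                                 "stamp": secrets.token_hex(16)}

    def login(self, username, password):
        user = self._users.get(username)
        if user is None or not hmac.compare_digest(
                user["pw_hash"], self._hash(password, user["salt"])):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, user["stamp"])
        return token

    def change_password(self, username, new_password, keep_token=None):
        """Same path for a self-service change and an administrator reset."""
        self.create_user(username, new_password)  # new salt, hash and stamp
        # Optionally re-bind the session that performed the change itself;
        # an administrator reset passes no token, so every session goes stale.
        entry = self._sessions.get(keep_token)
        if entry is not None and entry[0] == username:
            self._sessions[keep_token] = (username, self._users[username]["stamp"])

    def current_user(self, token):
        """Run on every request: the session must carry the user's current stamp."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, stamp = entry
        user = self._users.get(username)
        if user is None or not hmac.compare_digest(stamp, user["stamp"]):
            self._sessions.pop(token, None)  # stale session: destroy it
            return None
        return username
```

Because the stamp is compared on every request, Alice's existing session from the PoC stops working on her next request after the administrator's change, rather than at the next login or cookie expiry.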
Good to know:
No fix version available
|Attack Vector (AV):|Network|
|Attack Complexity (AC):|Low|
|Privileges Required (PR):|Low|
|User Interaction (UI):|None|
|Access Vector (AV):|Network|
|Access Complexity (AC):|Low|