CVE-2021-25981

Date: January 3, 2022

Overview

Talkyard regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34 are vulnerable to Insufficient Session Expiration. An attacker who is able to obtain the admin’s session token (via other, hypothetical attacks) may reuse it to gain admin privileges, because the token is still valid even after the admin has logged out.

Details

Talkyard does not terminate sessions on the server side when the user initiates a logout, so an attacker who obtains the admin cookies via other hypothetical attacks can reuse them.
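The flaw class described above, modelled generically as an added example; this is not Talkyard's code and not part of the advisory. The class names, `replayAfterLogout`, the one-hour lifetime and the demo key are assumptions made for illustration: a self-validating cookie that logout cannot revoke, next to a server-side session record that logout deletes.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

interface SessionLayer { login(u: string): string; logout(c: string): void; whoami(c: string): string | null }

// Constructed demo values (assumptions for this example, not Talkyard's).
const KEY = randomBytes(32);
const TTL_MS = 60 * 60 * 1000;
const sign = (s: string) => createHmac("sha256", KEY).update(s).digest();

// Flawed pattern (CWE-613): the cookie validates itself, so logout can only
// ask the browser to forget it. A saved copy stays valid until it expires.
class SelfContainedSessions implements SessionLayer {
  login(user: string): string {
    const body = `${user}.${Date.now() + TTL_MS}`;
    return `${body}.${sign(body).toString("hex")}`;
  }
  logout(_cookie: string): void { /* no server-side state to revoke */ }
  whoami(cookie: string): string | null {
    const cut = cookie.lastIndexOf(".");
    const body = cookie.slice(0, cut);
    const mac = Buffer.from(cookie.slice(cut + 1), "hex");
    const want = sign(body);
    if (mac.length !== want.length || !timingSafeEqual(mac, want)) return null;
    const dot = body.lastIndexOf(".");
    return Number(body.slice(dot + 1)) > Date.now() ? body.slice(0, dot) : null;
  }
}

// Corrected pattern: the cookie is an opaque id for a server-side record,
// and logout deletes that record, so a replayed cookie no longer resolves.
class ServerSideSessions implements SessionLayer {
  private live = new Map<string, { user: string; expiresAt: number }>();
  login(user: string): string {
    const id = randomBytes(32).toString("hex");
    this.live.set(id, { user, expiresAt: Date.now() + TTL_MS });
    return id;
  }
  logout(cookie: string): void { this.live.delete(cookie); }
  whoami(cookie: string): string | null {
    const s = this.live.get(cookie);
    return s !== undefined && s.expiresAt > Date.now() ? s.user : null;
  }
}

// Regression check: a cookie saved before logout must not authenticate after it.
function replayAfterLogout(layer: SessionLayer, user = "admin"): string | null {
  const saved = layer.login(user);
  layer.logout(saved);
  return layer.whoami(saved);
}
```

A check shaped like `replayAfterLogout` belongs in the logout path's regression tests: it must return `null` for whatever session layer is deployed.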

PoC Details

As the victim admin, log in with your credentials. Export and save the cookie values for later. Then proceed by logging out of the application.
Now, as an attacker, import the admin’s cookie values into the browser. Refresh the page and you will notice that you are signed in as the admin.

Affected Environments

v0.2021.20 through v0.2021.34

Prevention

Upgrade to version v0.2021.35

Language: TYPE_SCRIPT

Good to know:

Insufficient Session Expiration

CWE-613

Upgrade Version

Upgrade to version tyse-v0.2021.35-33bd1b956-regular

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete