Improper Authentication in Burden

2013-12-1800:00:00

High-Tech Bridge

www.htbridge.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.102 Low

EPSS

Percentile

94.4%

JSON

High-Tech Bridge Security Research Lab discovered vulnerability in application authentication mechanism in Burden, which can be exploited by remote non-authenticated attacker to gain administrative access to the vulnerable application.

Improper Authentication in Burden: CVE-2013-7137
The vulnerability exists due to insufficient authentication when handling “burden_user_rememberme” cookie parameter. A remote unauthenticated user can set “burden_user_rememberme” cookie to “1” and gain administrative access to the application.
The exploitation example below shows HTTP GET request that grants administrative privileges to the user:
GET /login.php HTTP/1.1
Cookie: burden_user_rememberme=1;
The cookie can be also changed using a browser plugin such as Firebug for FireFox.