Authentication flaw

2019-08-0917:15:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.111 Low

EPSS

Percentile

95.2%

JSON

Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.

CPENameOperatorVersion
helpdesklt9.0.3

CPE	Name	Operator	Version
	helpdesk	lt	9.0.3

References

github.com/Kc57/JitBit_Helpdesk_Auth_Bypass

packetstormsecurity.com/files/144334/JitBit-Helpdesk-9.0.2-Broken-Authentication.html

www.exploit-db.com/exploits/42776

www.trustedsec.com/2017/09/full-disclosure-jitbit-helpdesk-authentication-bypass-0-day