SRC-2021-0029 : Dedecms GetCookie Type Juggling Authentication Bypass Vulnerability
CVE ID:
N/A
CVSS Score:
7.3, (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Vendors:
Dedecms
Affected Products:
Dedecms <= v5.7.84 release
Vulnerability Details:
This vulnerability allows remote attackers to bypass authentication on affected installations of Dedecms. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the GetCookie function. The issue results from a loose (non-strict) comparison, which is subject to type juggling, when verifying incoming authenticated requests. An attacker can leverage this vulnerability to bypass authentication on the system as a member user.
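As an added illustration, not code from the advisory and not Dedecms's own GetCookie implementation, the following PHP shows the class of weakness described above next to a hardened form. The verifier, the secret constant, the way the tag is derived and the sample tag values are all hypothetical; the advisory does not disclose how Dedecms actually computes or compares its cookie check value.

```php
<?php
// Hypothetical, simplified cookie verifier in the style the advisory describes:
// the server derives a short tag from a secret plus the cookie value and compares
// it with a tag the client sends alongside the cookie. None of these names or
// values come from Dedecms; they exist only to show the comparison issue.

const HYPOTHETICAL_COOKIE_SECRET = 'example-secret-not-from-the-advisory';

// Tag the server expects for a given cookie value (16 lowercase hex characters).
function expected_tag(string $value): string
{
    return substr(md5(HYPOTHETICAL_COOKIE_SECRET . $value), 0, 16);
}

// Weak pattern: PHP's == applies type juggling. When both operands are numeric
// strings (including scientific notation such as "0e123"), they are compared as
// numbers, so two different strings can compare equal and a client-controlled
// tag can satisfy the check without matching the real one.
function tag_matches_loose(string $expected, string $supplied): bool
{
    return $expected == $supplied;
}

// Hardened pattern: reject anything that is not a 16-character hex string, then
// compare with hash_equals(), which is a byte-wise, constant-time comparison and
// never converts its operands to numbers. A plain === would also stop the type
// juggling but is not timing-safe.
function tag_matches_strict(string $expected, string $supplied): bool
{
    if (!preg_match('/^[0-9a-f]{16}$/', $supplied)) {
        return false;
    }
    return hash_equals($expected, $supplied);
}

function verify_cookie_loose(string $value, string $supplied_tag): bool
{
    return tag_matches_loose(expected_tag($value), $supplied_tag);
}

function verify_cookie_strict(string $value, string $supplied_tag): bool
{
    return tag_matches_strict(expected_tag($value), $supplied_tag);
}

// Constructed tag values (not real hash outputs) that expose the difference:
// both look like numeric strings of the form "0e<digits>", so == treats them
// as the float 0 and reports them equal, while hash_equals() does not.
$expected = '0e12345678901234';
$supplied = '0e98765432109876';

var_dump(tag_matches_loose($expected, $supplied));
var_dump(tag_matches_strict($expected, $supplied));
```

Run with `php` on the command line: the loose comparison reports the two constructed tags as equal, and the strict comparison reports them as different. Only a few hex-only strings happen to parse as numeric in PHP, which is why the loose check is not wrong on most inputs and tends to survive testing; the defensive fix is to never let a user-supplied value reach `==` when it is meant to match a secret-derived value, and to validate its shape before comparing.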
Vendor Response:
Dedecms has not issued an update to correct this vulnerability.
Disclosure Timeline:
- 2021-10-21 - Sent to [email protected]
- 2021-11-08 - No response; re-sent a reminder to [email protected]
- 2021-11-22 - No response; public disclosure
Proof of Concept:
Credit:
This vulnerability was discovered by Steven Seeley of Qihoo 360 Vulcan Team