SRC-2021-0029 : Dedecms GetCookie Type Juggling Authentication Bypass Vulnerability
Dedecms <= v5.7.84 release
This vulnerability allows remote attackers to bypass authentication on affected installations of Dedecms. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the GetCookie function. The issue results from a loose comparison check when verifying incoming authenticated requests. An attacker can leverage this vulnerability to bypass authentication on the system as a member user.
Dedecms has not issued an update to correct this vulnerability.
- 2021-10-21 - Sent to [email protected]
- 2021-11-08 - No response; re-sent a reminder to [email protected]
- 2021-11-22 - No response; public disclosure
Proof of Concept:
This vulnerability was discovered by Steven Seeley of Qihoo 360 Vulcan Team