Skip to content

[Security] Broken Access Control - UserController #910

Description

@StephenClash
  • Name of software: eladmin
  • Project Link: https://github.com/elunez/eladmin
  • Affected Version: latest
  • Vulnerability Type: Broken Access Control / Function Level Authorization Bypass (CWE-284)
  • Vulnerability description and hazards: The user password reset endpoint allows any authenticated low-privilege user to reset another account's password by ID. The actual reproduction report shows that low permissions account resets the password of user id = 2, and the before/after user list diff confirms that the target account's stored password hash changes even though the attacker lacks the expected user-management permission boundary.
  • Vulnerability analysis and reproduction reports: https://drive.google.com/file/d/15oQCqvLWHZevYTHT9VWzAQRnLGxckZvn/view?usp=drive_link

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions