VestaCP Session Token Vulnerability in LoginAs Module Allowing Unauthorized Access

A session token vulnerability has been identified in VestaCP version 0.9.8-26, specifically within the LoginAs module. This vulnerability allows remote attackers to manipulate authentication tokens, exploiting inadequate token validation to access user accounts and initiate unauthorized login requests without the necessary administrative permissions.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user accounts, allowing attackers to view sensitive information or perform actions on behalf of the user. Additionally, it could facilitate unauthorized access to administrative accounts, with potential for further privilege escalation.

Reproduction

The vulnerability can be reproduced by sending a GET request to the login endpoint with the 'loginas' parameter set to the target username and the 'token' parameter manipulated or omitted. This can be done without any administrative privileges or user interaction.