NCR Terminal Handler
cpe:2.3:a:ncr:terminal_handler:*:*:*:*:*:*:*
- 1.5.1
A vulnerability in NCR Terminal Handler version 1.5.1 allows low-privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts by manipulating session cookies. Exploitation involves sending crafted requests that are processed successfully, as demonstrated by a proof-of-concept in which an admin account was deactivated and a user account was deleted using another account from the same security group.
Exploitation of this vulnerability allows for unauthorized deactivation, locking, and deletion of user accounts, potentially leading to a denial-of-service condition for affected users.
To reproduce this vulnerability, an authenticated user with low-level privileges can send a request to deactivate an admin account while presenting a low-privileged user's session in the session cookie. The request is processed successfully, deactivating the admin account and allowing the attacker to edit its profile information. Similarly, the vulnerability can be reproduced by deleting a user account from the same security group, which results in the account being fully removed from the application.
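The flaw class described above, an account-management action that authenticates the session but never checks whether the caller is authorized for it, shown as an added example next to a hardened handler that resolves the caller server-side, requires the admin role and records every attempt for detection. This is not NCR's code; the account names, roles, session ids and in-memory stores are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Account:
    username: str
    role: str      # "admin" or "user" (constructed roles)
    group: str     # security group, as the advisory describes
    active: bool = True

def make_state():
    """Constructed server-side state: accounts and a session-id -> user map."""
    accounts = {
        "admin1": Account("admin1", "admin", "ops"),
        "bob": Account("bob", "user", "ops"),
        "carol": Account("carol", "user", "ops"),
    }
    sessions = {"sid-bob": "bob", "sid-admin1": "admin1"}
    return accounts, sessions

def deactivate_vulnerable(accounts, sessions, cookie, target):
    """Authenticates the session but never authorizes the action, so any
    logged-in user can deactivate any account (the advisory's failure mode)."""
    actor = sessions.get(cookie.get("sid"))
    if actor is None or target not in accounts:
        return False
    accounts[target].active = False
    return True

def deactivate_hardened(accounts, sessions, cookie, target, audit):
    """Resolves the caller server-side, requires the admin role, refuses
    self-deactivation and records every attempt so denials can be alerted on."""
    actor_name = sessions.get(cookie.get("sid"))
    if actor_name is None:
        audit.append(("invalid-session", str(cookie.get("sid")), target))
        return False
    actor = accounts[actor_name]
    if target not in accounts or actor.role != "admin" or actor_name == target:
        audit.append(("denied", actor_name, target))
        return False
    accounts[target].active = False
    audit.append(("deactivated", actor_name, target))
    return True

def denied_actors(audit):
    """Detection helper: callers whose account-management requests were denied."""
    return sorted({actor for kind, actor, _ in audit if kind == "denied"})
```

A request carrying bob's session succeeds against `deactivate_vulnerable` but is refused and logged by `deactivate_hardened`; repeated "denied" entries for one actor are the signal to alert on.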