Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

DB Elettronica SFT DAB Series Session Management Vulnerability Allowing Unauthorized Account Deletion

Vulnerability

A session management vulnerability affects the DB Elettronica SFT DAB series, version 1.9.3. The device ties session identifiers to client IP addresses rather than to a properly validated, expiring login, so an attacker who captures a valid identifier can reuse it to bypass authentication. Replaying the captured identifier against the userManager.cgx API lets the attacker remove user accounts without holding valid credentials.

Impact

An attacker who exploits this vulnerability can delete user accounts on the affected device without valid credentials.

Reproduction

Reproduction requires capturing the session identifier of an established session, so the attacker needs a position from which the device's management traffic can be observed. Once a legitimate user has logged in, the captured identifier is replayed in requests to the 'userManager.cgx' API endpoint, which then removes the targeted user account.
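Detection logic for the reproduction above, added here as an example and not taken from the advisory or the vendor: it runs over a few constructed access-log lines in a simplified format (timestamp, client IP, method, path, status, session identifier, user agent) and flags every request to userManager.cgx, every session identifier seen from more than one source IP, and every identifier seen with more than one user agent. The log format, the `/login.cgx` and `/status.cgx` paths, the identifiers and the addresses are all constructed; only the userManager.cgx path comes from the advisory. Because the identifier is tied to the client IP, a replay from the same address will not trip the multi-IP rule, which is why the endpoint rule fires unconditionally.

```python
import re
from collections import defaultdict

# Constructed log sample. s1 is a legitimate operator session whose identifier
# is later replayed by a scripted client, first from the same IP, then from another.
SAMPLE_LOG = """\
2025-12-10T20:01:05Z 192.0.2.10 POST /login.cgx 200 s1 "Mozilla/5.0 (Windows NT 10.0)"
2025-12-10T20:01:09Z 192.0.2.10 GET /status.cgx 200 s1 "Mozilla/5.0 (Windows NT 10.0)"
2025-12-10T20:03:40Z 192.0.2.10 POST /userManager.cgx 200 s1 "python-requests/2.32"
2025-12-10T20:04:02Z 198.51.100.7 POST /userManager.cgx 200 s1 "python-requests/2.32"
2025-12-10T20:05:00Z 192.0.2.22 GET /status.cgx 200 s2 "Mozilla/5.0 (X11; Linux)"
"""

# Constructed line format: ts ip method path status session_id "user-agent"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+) "([^"]*)"$')

PRIVILEGED_PATHS = {"/userManager.cgx"}  # endpoint named in the advisory


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, method, path, status, sid, ua = m.groups()
    return {"ts": ts, "ip": ip, "method": method, "path": path,
            "status": int(status), "sid": sid, "ua": ua}


def analyze(lines):
    """Correlate requests by session identifier and return the findings."""
    privileged = []
    ips_by_sid = defaultdict(set)
    uas_by_sid = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; skipped, not silently trusted
        ips_by_sid[rec["sid"]].add(rec["ip"])
        uas_by_sid[rec["sid"]].add(rec["ua"])
        if rec["path"].split("?", 1)[0] in PRIVILEGED_PATHS:
            privileged.append({"ts": rec["ts"], "ip": rec["ip"], "sid": rec["sid"],
                               "method": rec["method"], "status": rec["status"]})
    return {
        "privileged_requests": privileged,
        "sessions_multi_ip": {s: sorted(v) for s, v in ips_by_sid.items() if len(v) > 1},
        "sessions_multi_ua": {s: sorted(v) for s, v in uas_by_sid.items() if len(v) > 1},
    }


def alerts(report):
    """Flatten a report into human-readable alert strings."""
    out = []
    for r in report["privileged_requests"]:
        out.append(f"{r['ts']} privileged call to userManager.cgx by session {r['sid']} "
                   f"from {r['ip']} ({r['method']}, HTTP {r['status']})")
    for sid, ips in report["sessions_multi_ip"].items():
        out.append(f"session {sid} used from multiple IPs: {', '.join(ips)}")
    for sid, uas in report["sessions_multi_ua"].items():
        out.append(f"session {sid} used with multiple user agents: {' | '.join(uas)}")
    return out


if __name__ == "__main__":
    for a in alerts(analyze(SAMPLE_LOG.splitlines())):
        print(a)
```

On a real deployment the privileged-endpoint rule is the one to wire to an alert, since a broadcast transmitter's account list should change rarely and only from a known management host; the two correlation rules add context rather than proof of replay.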

Added: Dec 10, 2025, 9:31 PM
Updated: Dec 10, 2025, 9:31 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.0
remediation: 0.0
relevance: 1.3
threat: 8.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.