PandoraNext-TokensTool Authentication Bypass Vulnerability
Vulnerability
An authentication bypass vulnerability has been identified in PandoraNext-TokensTool versions through 0.6.8. It allows attackers to access the API without a valid token. The issue lies in the 'LoginCheckInterceptor' class, specifically in its 'preHandle' function. The interceptor validates requests by inspecting the string returned by 'req.getRequestURL()' to decide which paths require authentication. Because that string is the raw request URL, special characters in it are not interpreted the way the application's routing interprets them, so an attacker can manipulate the URL and bypass the authentication check. For example, appending ';login' to certain API endpoints satisfies the check and grants access to restricted data.
Impact
Exploitation of this vulnerability allows unauthenticated users to access the API and retrieve sensitive information, such as system configuration data.
Reproduction
To reproduce this vulnerability, send a request to the '/api/selectSetting' endpoint without a token. The response will indicate that authentication is required. However, if the same request is made with ';login' appended to the URL, the authentication check will be bypassed, and the system configuration data will be returned.
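The following is an added illustration written for this page, not code from PandoraNext-TokensTool. It models the class of check described above in Python so the failure and the fix can be run side by side: a "vulnerable" check that looks for a login keyword in the full request URL string (the exact predicate used by the real interceptor is not on this page, so this reconstruction is an assumption), and a "hardened" check that strips path parameters (the ';...' suffix), normalizes the path, and compares it exactly against an allowlist. The allowlist entry '/api/login' and the sample URLs are constructed for the example. In a Java servlet application the equivalent fix is to match on the route-mapped path rather than on the raw URL string, and to use exact matching instead of substring or suffix matching.

```python
"""Model of a URL-based authentication check: vulnerable vs. hardened.

Added example, not project code. The real interceptor's predicate is
not published on the page; 'login' in the raw URL is an assumed stand-in
that reproduces the ';login' bypass the advisory describes.
"""
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed allowlist of endpoints reachable without a token (hypothetical).
PUBLIC_PATHS = {"/api/login"}


def vulnerable_is_public(request_url: str) -> bool:
    """Flawed check on the raw URL string (what req.getRequestURL() returns).

    Path parameters (';login'), query strings and dot-segments are all still
    present in the raw string, so a keyword match is trivially satisfied.
    """
    return "login" in request_url


def canonical_path(request_url: str):
    """Reduce a raw URL to the path the router would actually dispatch on.

    Returns None when the path cannot be canonicalised safely (for example a
    segment that percent-decodes to a '/'), so the caller treats it as
    protected rather than public.
    """
    raw_path = urlsplit(request_url).path  # drops scheme, host, query, fragment
    segments = []
    for segment in raw_path.split("/"):
        segment = segment.split(";", 1)[0]  # strip path/matrix parameters
        segment = unquote(segment)          # decode %xx escapes
        if "/" in segment or ";" in segment:
            return None                     # encoded delimiter: refuse to guess
        segments.append(segment)
    path = posixpath.normpath("/".join(segments))  # collapses '.', '..', '//'
    if not path.startswith("/"):
        path = "/" + path
    return path


def hardened_is_public(request_url: str) -> bool:
    """Exact match of the canonical path against the allowlist."""
    return canonical_path(request_url) in PUBLIC_PATHS


def decide(request_url: str, has_valid_token: bool, is_public) -> str:
    """Interceptor decision: public paths pass, everything else needs a token."""
    if is_public(request_url):
        return "allow"
    return "allow" if has_valid_token else "deny"


if __name__ == "__main__":
    samples = [
        "http://host/api/login",
        "http://host/api/selectSetting",
        "http://host/api/selectSetting;login",
        "http://host/api/selectSetting?next=login",
    ]
    for url in samples:
        print(f"{url:45} vulnerable={decide(url, False, vulnerable_is_public):5} "
              f"hardened={decide(url, False, hardened_is_public)}")
```

Running the block shows the two checks agreeing on the plain '/api/login' and '/api/selectSetting' requests and diverging on the manipulated ones: the raw-string check lets the ';login' and '?next=login' variants through without a token, while the canonical-path check denies both.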
