Fushengqian Fuint Authentication Bypass Vulnerability in ClientSignController
Vulnerability
An authentication bypass vulnerability has been identified in Fushengqian Fuint versions prior to commit 41e26be8a2c609413a0feaa69bdad33a71ae8032. The issue arises in the ClientSignController.java file, specifically within the Authentication Token Handler component. The vulnerability allows unauthorized access to user accounts because a securely generated authentication token is overwritten with the user's mobile phone number. The flaw can be exploited remotely; the attack is rated complex, although a public exploit is available.
Impact
Exploitation of this vulnerability leads to complete account takeover, allowing attackers to access personal data, financial information, and perform account operations. Additionally, this vulnerability could result in a mass breach of user data, especially if phone numbers are obtained from public sources or data breaches.
Reproduction
To reproduce this vulnerability, log in to the application using valid credentials. After logging in, the application will return a token that is actually the user's phone number. This phone number can then be used to access sensitive endpoints, such as those under '/clientApi/user/**', bypassing normal authentication requirements.
Remediation
The vulnerability can be fixed by removing the line of code that overwrites the secure token with the user's phone number. After applying this fix, force all users to re-authenticate, since any token issued before the fix is still a phone number and remains usable until it is invalidated, and monitor for any signs of exploitation.
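The following is a hypothetical reconstruction, added here and not fuint's actual code, of the sign-in pattern described above: the vulnerable overwrite beside the fixed handler, with a simple authorization check to show why a phone number must never become the token. Class, method and field names (`ClientSignExample`, `signInVulnerable`, `signInFixed`, `isAuthorized`, `issuedTokens`) and the sample phone number are assumptions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-in for the sign-in handler; names are assumptions, not fuint's code.
public class ClientSignExample {
    private static final SecureRandom RNG = new SecureRandom();
    // Server-side map of issued token -> account mobile (assumed design).
    private final Map<String, String> issuedTokens = new ConcurrentHashMap<>();

    // 32 random bytes, URL-safe base64: unguessable without the sign-in response.
    static String generateToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // VULNERABLE pattern: the secure token is overwritten with the phone number,
    // so the issued "token" is derivable from data that is often public.
    public String signInVulnerable(String mobile) {
        String token = generateToken();
        token = mobile;               // the offending overwrite
        issuedTokens.put(token, mobile);
        return token;
    }

    // FIXED pattern: the overwrite is removed; the random token is what gets issued.
    public String signInFixed(String mobile) {
        String token = generateToken();
        issuedTokens.put(token, mobile);
        return token;
    }

    // Authorization check a protected endpoint (e.g. /clientApi/user/**) would apply.
    public boolean isAuthorized(String presentedToken, String mobile) {
        return mobile.equals(issuedTokens.get(presentedToken));
    }

    public static void main(String[] args) {
        String phone = "13800000000";  // constructed sample value
        ClientSignExample vulnerable = new ClientSignExample();
        vulnerable.signInVulnerable(phone);
        // With the overwrite, the phone number alone satisfies the check.
        System.out.println("vulnerable, phone as token: " + vulnerable.isAuthorized(phone, phone));
        ClientSignExample fixed = new ClientSignExample();
        String token = fixed.signInFixed(phone);
        System.out.println("fixed, phone as token: " + fixed.isAuthorized(phone, phone));
        System.out.println("fixed, issued token: " + fixed.isAuthorized(token, phone));
    }
}
```

The fix is the one-line removal; the `issuedTokens` map also shows why every token issued before the fix must be invalidated, since those entries are keyed by phone number.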