Campcodes Advanced Voting Management System Password Reset Vulnerability in Voters Edit Endpoint

Vulnerability

An authorization bypass vulnerability has been identified in Campcodes Advanced Voting Management System version 1.0. The issue resides in the administrative endpoint '/admin/voters_edit.php', specifically within the password handling component. The endpoint trusts the client-supplied 'id' parameter as the account to update without checking that the requester is an administrator or owns that account (a broken object-level authorization, or insecure direct object reference, flaw). An authenticated voter can therefore change the 'id' value and reset the password of an arbitrary voter account. This leads to unauthorized access and account takeover, compromising the integrity of the voting process.

Impact

Exploitation of this vulnerability allows for horizontal privilege escalation, enabling an authenticated voter to reset the password of another voter, thereby taking over their account. This unauthorized password reset could disrupt the integrity of the election process.

Reproduction

To reproduce this vulnerability, an authenticated voter must send a POST request to the '/admin/voters_edit.php' endpoint. The request must include a manipulated 'id' parameter that references another voter's account, along with a new password. The absence of proper authorization checks allows the password to be changed without consent from the account owner.

Remediation

It is recommended to implement strict role-based access controls on all administrative endpoints, ensuring that only authorized users can perform sensitive actions. Additionally, validate server-side that the requesting user owns the account (the submitted 'id' must match the account id bound to the session) or holds an administrative role before allowing a password change; the client-supplied 'id' must never be treated as proof of ownership. Denied attempts should be logged so that probing of other voters' ids is visible to operators.
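The following is an added illustration of the remediation above, written for this advisory and not taken from the Campcodes project. It reconstructs a hardened version of a voters_edit-style password update: the authorization rule (administrator, or a voter acting on its own row) is isolated in one function, the 'id' is validated as an integer, denied attempts are logged, and the update is a parameterised query storing a password hash. The session keys 'login_id' and 'login_type', the $pdo connection and the 'voters' table with 'id' and 'password' columns are assumptions; the vulnerable pattern this replaces is one that passes $_POST['id'] straight into the UPDATE with no such check. When run from the command line it exercises the rule against an in-memory SQLite database.

```php
<?php
// Added example (not the project's code). Assumed names: session keys
// 'login_id' / 'login_type', a PDO connection $pdo, and a `voters` table
// with `id` and `password` columns.

declare(strict_types=1);

/**
 * Authorization rule for changing the password of voter $targetId.
 * Kept free of I/O so it can be unit-tested on its own.
 */
function canResetVoterPassword(array $session, int $targetId): bool
{
    $role = $session['login_type'] ?? null;
    $uid  = isset($session['login_id']) ? (int) $session['login_id'] : 0;

    if ($uid <= 0) {
        return false;                 // not authenticated
    }
    if ($role === 'admin') {
        return true;                  // administrators may manage any voter
    }
    if ($role === 'voter' && $uid === $targetId) {
        return true;                  // a voter may only change its own password
    }
    return false;                     // any other combination is denied
}

/** Returns the HTTP status code the endpoint should answer with. */
function handleVoterPasswordUpdate(PDO $pdo, array $session, array $post): int
{
    // The client-supplied id is only a selector, never proof of ownership.
    $targetId = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($targetId === false) {
        return 400;
    }
    $newPassword = (string) ($post['password'] ?? '');
    if ($newPassword === '') {
        return 400;
    }

    if (!canResetVoterPassword($session, $targetId)) {
        // Log denials so repeated probing of other voters' ids is visible.
        error_log(sprintf(
            'AUTHZ DENY voter password reset: user=%s role=%s target=%d',
            (string) ($session['login_id'] ?? '-'),
            (string) ($session['login_type'] ?? '-'),
            $targetId
        ));
        return 403;
    }

    // Parameterised update; store a salted hash, never the plaintext.
    $stmt = $pdo->prepare('UPDATE voters SET password = :pw WHERE id = :id');
    $stmt->execute([
        ':pw' => password_hash($newPassword, PASSWORD_DEFAULT),
        ':id' => $targetId,
    ]);
    return $stmt->rowCount() === 1 ? 200 : 404;
}

if (PHP_SAPI === 'cli') {
    // Self-contained demonstration against a constructed in-memory database.
    $pdo = new PDO('sqlite::memory:');
    $pdo->exec('CREATE TABLE voters (id INTEGER PRIMARY KEY, password TEXT)');
    $pdo->exec("INSERT INTO voters (id, password) VALUES (1, 'a'), (2, 'b')");

    $voter1 = ['login_id' => 1, 'login_type' => 'voter'];
    $admin  = ['login_id' => 9, 'login_type' => 'admin'];

    // Voter 1 attempting to reset voter 2 (the reported flaw) must be refused.
    echo 'voter1 -> id=2: ', handleVoterPasswordUpdate($pdo, $voter1, ['id' => '2', 'password' => 'new']), PHP_EOL;
    // Voter 1 resetting its own password is permitted.
    echo 'voter1 -> id=1: ', handleVoterPasswordUpdate($pdo, $voter1, ['id' => '1', 'password' => 'new']), PHP_EOL;
    // An administrator may reset any voter.
    echo 'admin  -> id=2: ', handleVoterPasswordUpdate($pdo, $admin, ['id' => '2', 'password' => 'new']), PHP_EOL;
    // A non-numeric id is rejected before any authorization or database work.
    echo 'voter1 -> id=x: ', handleVoterPasswordUpdate($pdo, $voter1, ['id' => 'x', 'password' => 'new']), PHP_EOL;
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Wiring as it would appear in the endpoint; $pdo comes from the app bootstrap (assumed).
    session_start();
    http_response_code(handleVoterPasswordUpdate($pdo, $_SESSION, $_POST));
}
```

The important design choice is that the ownership comparison uses the id bound to the server-side session, not any value from the request; the 'id' field only selects which row to touch, and the rule decides whether the session is allowed to touch it. Keeping that rule in a pure function makes it easy to cover the voter-to-other-voter case with a test so the regression cannot silently return.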

Added: Dec 18, 2025, 8:17 PM
Updated: Dec 18, 2025, 8:17 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 1.3
exploitability: 6.8
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.