Truesec LAPSWebUI Logout Functionality Vulnerability Allowing Privilege Escalation
Vulnerability
A vulnerability exists in Truesec LAPSWebUI versions prior to 2.4 where the logout functionality does not work as intended: the application fails to clear the client-side session cookie on logout, so the session remains active after the user believes they have signed out. An attacker with access to that workstation, or holding a session token stolen from it, can reuse the leftover session to access the user's account without authenticating and retrieve local administrator passwords through it, escalating privileges on the affected hosts. The flaw widens the window in which a stolen session token remains usable.
Impact
Exploitation of this vulnerability could lead to unauthorized access to user accounts: an attacker replaying a stolen or leftover session token bypasses authentication and, with the user's LAPSWebUI access, can read local administrator passwords.
Remediation
Users are advised to update to Truesec LAPSWebUI version 2.4 or later. If an immediate update is not possible, LAPSWebUI can be configured to require reauthentication with Entra ID before displaying passwords by enabling the 'Force Reauth on Password request' setting in the server's 'appsettings.json' file. This mitigation limits what a reused session can retrieve; it does not by itself invalidate the session on logout.
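The session-handling flaw described above, and the reauthentication gate mentioned under Remediation, as an added Python illustration. This is not Truesec's code and makes no claim about LAPSWebUI's internals or its real configuration key: the in-memory session store, the `/login` redirect, the password endpoint and the `helpdesk-user` account are constructed stand-ins. It models a logout that only redirects (session and cookie survive, a captured token still works) against one that revokes the session server-side and expires the cookie, and shows how a reauthentication age check stops a stale session from reading a password.

```python
"""Added illustration (not LAPSWebUI code): replaying a session token after a
logout that never invalidated it, versus a logout that does, plus a
'reauthenticate before password request' gate."""
import secrets


class SessionStore:
    """Minimal in-memory server-side session store (constructed stand-in)."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_auth": now}
        return token

    def lookup(self, token):
        return self._sessions.get(token)

    def revoke(self, token):
        self._sessions.pop(token, None)


def logout_vulnerable(store, cookies):
    """Models the flawed behaviour: redirect to the login page but neither
    clear the cookie nor revoke the server-side session."""
    return {"status": 302, "headers": {"Location": "/login"}}


def logout_fixed(store, cookies):
    """Revoke the session server-side AND tell the browser to drop the cookie.
    Server-side revocation is what defeats a token already copied elsewhere;
    the Set-Cookie header only cleans up the local browser."""
    token = cookies.get("session")
    if token:
        store.revoke(token)
    return {
        "status": 302,
        "headers": {
            "Location": "/login",
            "Set-Cookie": "session=; Max-Age=0; Path=/; Secure; HttpOnly; SameSite=Strict",
        },
    }


def get_password(store, cookies, now, reauth_max_age=None):
    """Protected password endpoint returning (status, body). With
    reauth_max_age set it behaves like a 'force reauth on password request'
    gate: the session must have authenticated within that many seconds."""
    token = cookies.get("session")
    sess = store.lookup(token) if token else None
    if sess is None:
        return 401, "authentication required"
    if reauth_max_age is not None and now - sess["last_auth"] > reauth_max_age:
        return 401, "reauthentication required"
    return 200, f"<local admin password requested by {sess['user']}, redacted>"


def replay_after_logout(logout_handler):
    """Scenario: user logs in, the token is copied from the workstation, the
    user logs out, the attacker replays the copy. Returns the status the
    attacker sees on the password endpoint."""
    store = SessionStore()
    token = store.create("helpdesk-user", now=1000)
    browser_cookies = {"session": token}
    stolen_cookies = dict(browser_cookies)  # attacker's copy of the cookie

    resp = logout_handler(store, browser_cookies)
    # Behave like a browser: a Set-Cookie with Max-Age=0 deletes the cookie.
    if "Max-Age=0" in resp["headers"].get("Set-Cookie", ""):
        browser_cookies.pop("session", None)

    status, _ = get_password(store, stolen_cookies, now=1001)
    return status


def reauth_gate(age_seconds, max_age=300):
    """Scenario: a live session whose last authentication is age_seconds old
    requests a password behind a reauth gate of max_age seconds (None = no gate)."""
    store = SessionStore()
    token = store.create("helpdesk-user", now=0)
    status, _ = get_password(
        store, {"session": token}, now=age_seconds, reauth_max_age=max_age
    )
    return status


if __name__ == "__main__":
    print("replay after vulnerable logout:", replay_after_logout(logout_vulnerable))  # 200
    print("replay after fixed logout:", replay_after_logout(logout_fixed))  # 401
    print("stale session behind reauth gate:", reauth_gate(3600))  # 401
    print("fresh session behind reauth gate:", reauth_gate(10))  # 200
```

The same scenario can be run against a real deployment as a check: sign in, copy the session cookie, sign out, then replay the copied cookie against a password request. A 401 or a redirect to sign-in means logout invalidated the session; a password in the response means the token survived logout.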
