TAAGSOLUTIONS MyTaag Privilege Escalation Vulnerability via Local Storage Manipulation

Vulnerability

A privilege escalation vulnerability has been identified in TAAGSOLUTIONS GmbH MyTaag versions through 2024-11-24. This issue allows a physically proximate attacker to bypass two-factor authentication (2FA) by manipulating the '2fa_authorized' key in the browser's Local Storage. Exploitation involves changing the 2FA authorization status from '0' to '1', thereby gaining unauthorized access to the user's account without completing the 2FA verification process.

Impact

Exploitation of this vulnerability allows attackers to bypass two-factor authentication, gaining unauthorized access to user accounts.

Reproduction

To reproduce this vulnerability, log into a MyTaag account with 2FA enabled. After the initial login with email and password, the '2fa_authorized' Local Storage key will be set to '0', indicating that the second factor has not been authenticated. Instead of entering the verification code, the key can be manually changed to '1'. After reloading the page, the system will grant access as if the 2FA verification was completed.
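
The pattern behind this bypass, next to a server-side check that does not depend on browser state, as an added example (the advisory does not show MyTaag's code, and this is not it). The session store, the function names and the `checkCode` verifier are hypothetical.

```javascript
// Added example: a model of the flaw described above and a server-side fix.
// All names are hypothetical; this is not MyTaag's code.

// Server-held session state, keyed by an opaque session id that the web
// framework is assumed to issue (e.g. in an HttpOnly cookie) after password login.
const sessions = new Map();

function passwordLogin(sid, userId) {
  // Password accepted: the session exists, but the second factor is pending.
  sessions.set(sid, { userId, secondFactorVerified: false });
}

// Only the server flips the flag, and only after it has checked the code.
// `checkCode` stands in for the real TOTP/SMS verifier (assumption).
function verifySecondFactor(sid, submittedCode, checkCode) {
  const s = sessions.get(sid);
  if (!s || !checkCode(s.userId, submittedCode)) return false;
  s.secondFactorVerified = true;
  return true;
}

// Weak gate: trusts a Local Storage value that anyone at the browser can edit.
function weakGate(clientStorage) {
  return clientStorage['2fa_authorized'] === '1';
}

// Hardened gate: the decision uses server-held state only. The client value
// is read solely as a detection signal: a client claiming '1' while the
// server still has 2FA pending indicates tampering worth logging.
function hardenedGate(sid, clientStorage = {}) {
  const s = sessions.get(sid);
  if (!s) return { status: 401, reason: 'no session' };
  if (!s.secondFactorVerified) {
    const tamperSuspected = clientStorage['2fa_authorized'] === '1';
    return { status: 403, reason: '2FA pending', tamperSuspected };
  }
  return { status: 200, userId: s.userId };
}
```

With this layout the Local Storage key can still drive which screen the front end shows, but changing it has no effect on what the server returns.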

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.