FACTION Authentication Bypass Vulnerability Allowing Admin User Creation

Vulnerability

An authentication bypass vulnerability has been identified in FACTION, a PenTesting report generation and collaboration framework, in versions prior to 1.4.3. The user-creation endpoint used during initial setup remains reachable after setup is complete, so an attacker can register new users with admin privileges at any time, without authenticating and without approval from an existing administrator. The registration request must still pass the endpoint's input validation (all required fields supplied and a password that meets the password policy), but input validation is not authorization: nothing checks who is making the request or whether an administrator already exists.

Impact

Exploitation of this vulnerability allows an unauthenticated attacker with network access to the FACTION server to create an administrator account and log in with it, bypassing authentication entirely and gaining administrative control of the instance and the data it holds.

Reproduction

To reproduce this vulnerability, set up a vulnerable FACTION release (prior to 1.4.3) locally using the provided 'docker-compose' script and complete the initial setup so that an admin user already exists. Then, without authenticating, send a POST request to the server's root endpoint containing the form data required to create a user, requesting admin privileges. The request must satisfy the same validation as the initial setup (complete fields and a compliant password), but no session or administrator approval is needed. After the request is processed, log in with the newly created credentials and confirm that the account can reach administrator-only functions. On 1.4.3 or later the same request must no longer create an account.

Remediation

Upgrade to FACTION 1.4.3 or later. The underlying fix is that the 'Create User' endpoint must be disabled once the initial admin user exists, so that any further users can only be added by an authenticated administrator; the "does an admin already exist" check has to be evaluated server-side on every request, not only when the setup page is rendered. Because the flaw could have been exploited before the upgrade, operators should also review the user list for unexpected administrator accounts and remove or investigate any they did not create.
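The following is an added illustration of the remediation described above, not FACTION's own code: the vulnerable pattern (input validation with no authorization check) beside a hardened handler that keeps the bootstrap path open only until the first administrator exists and afterwards requires the caller to be an authenticated administrator. The names (User, UserStore, RegistrationDenied, the form field names and the password policy) are assumptions made for the example.

```python
"""Added example: closing the 'create first admin' path after bootstrap.
All names and the form layout are assumptions, not FACTION's API."""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class User:
    username: str
    is_admin: bool


@dataclass
class UserStore:
    """Minimal in-memory stand-in for the application's user table."""
    users: Dict[str, User] = field(default_factory=dict)

    def has_admin(self) -> bool:
        return any(u.is_admin for u in self.users.values())

    def add(self, user: User) -> None:
        if user.username in self.users:
            raise ValueError("username already exists")
        self.users[user.username] = user


class RegistrationDenied(Exception):
    """Raised when the caller is not allowed to create accounts."""


# Assumed password policy: 12+ chars with lower, upper and digit.
PASSWORD_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{12,}$")


def validate_form(form: dict) -> None:
    """Input validation only. This is all the vulnerable pattern checks:
    it says nothing about WHO is allowed to create the account."""
    for key in ("username", "email", "password"):
        if not form.get(key):
            raise ValueError(f"missing field: {key}")
    if not PASSWORD_RE.match(form["password"]):
        raise ValueError("password does not meet policy")


def create_user_vulnerable(store: UserStore, form: dict) -> User:
    """Vulnerable pattern: validation, then trust the caller's requested role."""
    validate_form(form)
    user = User(form["username"], is_admin=form.get("role") == "admin")
    store.add(user)
    return user


def create_user_fixed(store: UserStore, form: dict,
                      caller: Optional[User]) -> User:
    """Hardened handler: bootstrap is open only while no admin exists;
    after that only an authenticated admin may create users, and only an
    admin may grant the admin role. The has_admin() check runs per request."""
    validate_form(form)
    if store.has_admin():
        if caller is None or not caller.is_admin:
            raise RegistrationDenied("registration closed; contact an administrator")
        is_admin = form.get("role") == "admin"
    else:
        is_admin = True  # initial setup: first account is the administrator
    user = User(form["username"], is_admin=is_admin)
    store.add(user)
    return user


def demo() -> dict:
    """Constructed scenario: setup already done, anonymous attacker posts."""
    attacker_form = {"username": "attacker", "email": "a@example.test",
                     "password": "CorrectHorse1Battery", "role": "admin"}
    vuln = UserStore()
    vuln.add(User("admin", True))
    create_user_vulnerable(vuln, attacker_form)

    fixed = UserStore()
    fixed.add(User("admin", True))
    try:
        create_user_fixed(fixed, attacker_form, caller=None)
        denied = False
    except RegistrationDenied:
        denied = True
    created_by_admin = create_user_fixed(
        fixed, {**attacker_form, "username": "analyst", "role": "user"},
        caller=fixed.users["admin"])

    fresh = UserStore()
    first = create_user_fixed(fresh, {**attacker_form, "username": "setup"}, None)
    return {
        "vulnerable_created_admin": vuln.users["attacker"].is_admin,
        "fixed_denied_anonymous": denied,
        "fixed_admin_can_create": created_by_admin.username in fixed.users,
        "fixed_bootstrap_first_user_is_admin": first.is_admin,
    }


if __name__ == "__main__":
    print(demo())
```

Two details matter in a real implementation. The existence check and the insert should run inside one database transaction, otherwise two concurrent bootstrap requests could both see "no admin yet" and both succeed. And the requested role must never be honoured from an unauthenticated form submission; in the hardened handler it is only read once the caller has been confirmed to be an administrator.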

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          5.0
exploitability  8.7
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.