ETQ Reliance Authentication Bypass Vulnerability on CG Platform Allowing Privileged Access
Vulnerability
A vulnerability allowing authentication bypass has been identified in ETQ Reliance on the CG (legacy) platform. This issue arises from improper input validation in the login process, which allows manipulation of the username field to gain access as the internal SYSTEM user. The SYSTEM account, which does not require a password, can be exploited by attackers with network access to the login page. Once authenticated, attackers can achieve remote code execution by modifying Jython scripts within the application. This vulnerability has been addressed in version MP-4583 by implementing stricter validation to prevent internal accounts from being authenticated through public workflows.
Impact
Exploitation of this vulnerability allows unauthorized access to the SYSTEM account, bypassing authentication requirements. This access could lead to remote code execution by manipulating Jython scripts within the application.
Reproduction
To reproduce this vulnerability, navigate to the ETQ Reliance login page on the CG (legacy) platform. Enter 'SYSTEM' followed by a trailing space in the username field and any password. This manipulation bypasses the authentication check for internal accounts, granting access to the SYSTEM user. After logging in, Jython scripts can be modified to execute arbitrary code on the server.
Remediation
ETQ has released a patch in version MP-4583, which is available to on-premises customers. The patch has been deployed to hosted customers.
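The bug class described above, as an added Python example that is not ETQ's code or the MP-4583 patch: a guard that compares the raw username while the account lookup uses a normalised form, next to a login that canonicalises once and rejects internal accounts by their attributes. The account store, the function names and the assumption that the lookup ignores whitespace and case are all constructed for illustration.

```python
import hmac
import unicodedata

# Constructed account store (illustrative only; a real system stores password hashes).
ACCOUNTS = {
    "system": {"internal": True, "password": None},   # internal, password-less
    "alice": {"internal": False, "password": "correct horse"},
}

def lookup(username):
    # Assumption: the account lookup ignores surrounding whitespace and case.
    return ACCOUNTS.get(username.strip().lower())

def login_flawed(username, password):
    # Guard runs on the raw input, lookup on a normalised form: the two disagree.
    if username == "SYSTEM":
        return None
    acct = lookup(username)
    if acct is None:
        return None
    if acct["password"] is None or acct["password"] == password:
        return username.strip().lower()
    return None

def canonical(username):
    # One canonical form, computed once and used by every later check.
    return unicodedata.normalize("NFKC", username).strip().casefold()

def login_hardened(username, password):
    name = canonical(username)
    acct = ACCOUNTS.get(name)
    # Decide on account attributes, not on a string match against the input:
    # internal or password-less accounts never authenticate via the public login.
    if acct is None or acct["internal"] or acct["password"] is None:
        return None
    ok = hmac.compare_digest(acct["password"].encode(), password.encode())
    return name if ok else None

if __name__ == "__main__":
    for attempt in ("SYSTEM", "SYSTEM ", "alice"):
        print(repr(attempt),
              "flawed ->", login_flawed(attempt, "correct horse"),
              "| hardened ->", login_hardened(attempt, "correct horse"))
```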
