Ilevia EVE X1/X5 Server Authentication Bypass Vulnerability

An authentication bypass vulnerability has been identified in Ilevia EVE X1/X5 Server versions through 4.7.18.0.eden. The issue arises from the application's authentication mechanism, which improperly handles user input. Unsanitized input is passed to a system() call for authentication, allowing remote attackers to inject special characters and manipulate command parsing. The vulnerability exploits the binary's interpretation of non-zero exit codes as successful authentication, enabling attackers to bypass authentication and gain full access to the system.

Impact

Exploitation of this vulnerability allows for authentication bypass, granting unauthorized users full access to the system. Additionally, it could lead to unauthorized command execution, depending on the privileges of the application.

Reproduction

To reproduce this vulnerability, send a POST request to the '/login/login.php' endpoint with the 'userid' and 'passwd' fields. Inject a double quote into the 'passwd' field to manipulate the command execution. The application will interpret the non-zero exit code as successful authentication, bypassing the login process.