YXJ2018 SpringBoot-Vue-OnlineExam Improper Authentication Vulnerability

Vulnerability

A vulnerability has been identified in YXJ2018 SpringBoot-Vue-OnlineExam version 1.0 that results in improper authentication. It stems from an unknown processing flaw in the API component and can be exploited remotely. Attack complexity is high, which makes the vulnerability difficult to exploit.

Impact

Exploitation of this vulnerability leads to unauthorized access, allowing attackers to manipulate user information, such as changing passwords.

Reproduction

To reproduce this vulnerability, log into a teacher account and navigate to the student management section. Capture the network traffic, delete the session cookie, and attempt to access the interface again. The absence of permission checks will be evident, as access is still granted despite the cookie deletion. This unauthorized access can be demonstrated by modifying student information, such as changing a password, and verifying the change by logging in with the new credentials.
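A regression check for the missing permission check described above, as an added example that is not code from the project or the advisory. It runs a constructed local stub API in two modes (check missing, check enforced) and lists the endpoints that still answer successfully when no session cookie is sent; the paths and the session value are assumptions, not the application's real routes.

```python
import http.server
import threading
import urllib.error
import urllib.request

# Constructed stand-ins: hypothetical paths and session value, not the project's routes.
PROTECTED = ["/students", "/student/1/password"]
VALID_SESSION = "JSESSIONID=constructed-session-id"
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env

def make_handler(enforce_auth):
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            # Hardened mode: reject every request that lacks the valid session cookie.
            if enforce_auth and self.headers.get("Cookie") != VALID_SESSION:
                self.send_response(401)
            else:
                self.send_response(200)
            self.end_headers()
        def log_message(self, *args):  # silence per-request logging
            pass
    return Handler

def status(base, path, cookie=None):
    """Return the HTTP status for a GET, optionally sending a Cookie header."""
    req = urllib.request.Request(base + path)
    if cookie:
        req.add_header("Cookie", cookie)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def unauthenticated_endpoints(base, paths):
    """Return the paths that answer 2xx when no session cookie is sent."""
    return [p for p in paths if 200 <= status(base, p) < 300]

def run_check(enforce_auth):
    # Start the stub on a free loopback port, probe it without a cookie, stop it.
    with http.server.ThreadingHTTPServer(("127.0.0.1", 0), make_handler(enforce_auth)) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = "http://127.0.0.1:%d" % server.server_address[1]
        try:
            return unauthenticated_endpoints(base, PROTECTED)
        finally:
            server.shutdown()

if __name__ == "__main__":
    print("check missing:", run_check(False), "| check enforced:", run_check(True))
```

A non-empty result means at least one protected endpoint is reachable without a session and the server-side check is missing.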

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.