MegaBIP Password Reset Token Brute Force Vulnerability Allowing Unauthorized Password Changes

Vulnerability

MegaBIP versions through 5.19 allow an unauthenticated attacker who knows a user's login name to brute force that user's password reset token. The token is generated from a random value drawn from a limited range combined with a value the attacker can query, so the effective search space is only the size of that random range. By enumerating it, the attacker can reproduce a valid token and reset the password of any user, including administrators. The root cause is the predictable token generation method; the password reset mechanism then becomes a practical brute-force target.
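The following is an added, constructed illustration of the weakness class described above; it is not MegaBIP's code and does not reproduce its actual token format. It models the property the advisory names (a small random range combined with a value the attacker can query) and shows why an attacker who knows only the login name can enumerate the token, next to a hardened reset flow. The range size RANDOM_RANGE, the string "queryable", and the service classes are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Assumed size of the weak random component. The advisory only says the
# range is "limited"; this value is a modelling choice, not MegaBIP's real one.
RANDOM_RANGE = 10_000


def weak_reset_token(login: str, queryable: str, rnd: int) -> str:
    # Token depends only on the login, a value the attacker can look up and a
    # small random number. Hashing adds no entropy: the attacker just hashes
    # every candidate rnd and compares.
    return hashlib.sha256(f"{login}:{queryable}:{rnd}".encode()).hexdigest()


class WeakResetService:
    """Constructed model of the flawed flow: token reproducible from public inputs."""

    def __init__(self) -> None:
        self.pending: Dict[str, str] = {}    # login -> outstanding token
        self.passwords: Dict[str, str] = {}

    def request_reset(self, login: str, queryable: str) -> None:
        rnd = secrets.randbelow(RANDOM_RANGE)  # a CSPRNG cannot rescue a tiny range
        self.pending[login] = weak_reset_token(login, queryable, rnd)

    def reset(self, login: str, token: str, new_password: str) -> bool:
        # No attempt counter and no expiry: unlimited guesses are accepted.
        if self.pending.get(login) == token:
            self.passwords[login] = new_password
            del self.pending[login]
            return True
        return False


def brute_force_reset(service: WeakResetService, login: str, queryable: str) -> Optional[int]:
    """Attacker knows only the login and the queryable value; returns guesses used."""
    for attempt, rnd in enumerate(range(RANDOM_RANGE), start=1):
        if service.reset(login, weak_reset_token(login, queryable, rnd), "attacker-chosen"):
            return attempt
    return None


class HardenedResetService:
    """Unpredictable token, only its hash stored, bounded lifetime and attempts."""

    TOKEN_TTL = 15 * 60   # seconds a token stays valid
    MAX_ATTEMPTS = 5      # wrong guesses before the token is invalidated

    def __init__(self) -> None:
        # login -> (sha256 of token, expiry timestamp, failed attempts)
        self.pending: Dict[str, Tuple[str, float, int]] = {}
        self.passwords: Dict[str, str] = {}

    def request_reset(self, login: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[login] = (digest, now + self.TOKEN_TTL, 0)
        return token  # delivered out of band (e-mail); never stored in the clear

    def reset(self, login: str, token: str, new_password: str,
              now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        entry = self.pending.get(login)
        if entry is None:
            return False
        digest, expires, attempts = entry
        if now > expires or attempts >= self.MAX_ATTEMPTS:
            del self.pending[login]  # expired or locked: a fresh request is required
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(supplied, digest):  # constant-time comparison
            self.pending[login] = (digest, expires, attempts + 1)
            return False
        self.passwords[login] = new_password
        del self.pending[login]
        return True


if __name__ == "__main__":
    weak = WeakResetService()
    weak.request_reset("admin", "queryable")
    print("weak scheme broken after", brute_force_reset(weak, "admin", "queryable"), "guesses")
```

The attack against the weak model never needs more than RANDOM_RANGE guesses and leaves the attacker's password in place for the target account. The hardened variant removes the attacker's leverage on three fronts: the token carries 256 bits of CSPRNG entropy, so enumeration is infeasible; only a hash is stored, so a database read does not yield usable tokens; and a short lifetime plus an attempt counter bound what online guessing can achieve even if the token were weaker than intended.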

Impact

Exploitation of this vulnerability allows for unauthorized password changes, potentially leading to account takeovers, including those of administrative accounts.

Remediation

Users are advised to update to MegaBIP version 5.20, which addresses this vulnerability. Because the automatic updater does not modify the editor/config directory, the three files include_wysiwyg1.php, include_wysiwyg2.php, and include_wysiwyg3.php in that directory must be replaced manually as part of the update. After updating, confirm that these three files were actually replaced; an otherwise successful automatic update leaves them untouched.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.