itranswarp Authentication Bypass Vulnerability in the Management Component
Vulnerability
An authentication bypass has been identified in itranswarp version 2.19. It allows an unauthenticated attacker to reach the '/manage/' component without a valid token by sending a crafted request. The authorization check only tests whether the raw request URI starts with '/manage/'; it does not reject or normalize special characters such as ';' in the path. A URI such as '/manage;/setting/website' therefore fails the prefix test and is never subjected to token validation, yet the framework's request routing discards the ';' path-parameter content and dispatches the request to the handler for '/manage/setting/website'. The attacker thereby bypasses authentication and gains unauthorized access to management functionality.
Impact
Exploitation of this vulnerability allows an unauthenticated remote attacker to access the management component, bypassing the token requirement that normally protects it.
Reproduction
To reproduce this vulnerability, send a request for '/manage;/setting/website' without any token. Because the raw URI does not start with '/manage/', the token check is skipped, and the request is routed to the '/manage/setting/website' handler, which responds as it would to an authenticated administrator, demonstrating the authentication bypass.
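The following example, added here for illustration and not taken from itranswarp, models the prefix check the advisory describes next to a hardened replacement that tests the path the handler will actually receive. It assumes the application runs on a servlet container that treats ';...' inside a path segment as a path parameter; the probe URIs, function names and the '..' and percent-encoded cases are constructed for the example and go beyond the single URI in the advisory.

```python
"""Model of the '/manage/' prefix check and a normalized replacement.

Example code added for illustration; it is not itranswarp's own code.
The PROBES list below is constructed test input, not observed traffic.
"""
import posixpath
from urllib.parse import unquote


def strip_path_params(path: str) -> str:
    """Drop ';name=value' path parameters from every segment.

    Servlet containers treat ';...' inside a segment as a path parameter
    (e.g. ';jsessionid=...'), so '/manage;/x' is dispatched as '/manage/x'.
    """
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def routed_path(uri: str) -> str:
    """Approximate the path the framework dispatches a request to.

    Order: cut the query string, strip path params, percent-decode, strip
    again (conservative: a decoded ';' is treated like a raw one, so the
    check fails closed), then collapse '.', '..' and repeated slashes.
    """
    path = uri.split("?", 1)[0]
    path = strip_path_params(path)
    path = strip_path_params(unquote(path))
    return posixpath.normpath("/" + path.lstrip("/"))


def vulnerable_requires_token(uri: str) -> bool:
    """The check as the advisory describes it: a raw-URI prefix test."""
    return uri.startswith("/manage/")


def hardened_requires_token(uri: str) -> bool:
    """Prefix test on the normalized path the handler will actually see."""
    path = routed_path(uri)
    return path == "/manage" or path.startswith("/manage/")


def reaches_manage_without_token(uri: str, requires_token) -> bool:
    """True if a token-less request passes the check yet lands under /manage."""
    path = routed_path(uri)
    under_manage = path == "/manage" or path.startswith("/manage/")
    return under_manage and not requires_token(uri)


# Constructed probe URIs (assumption: servlet-container path semantics).
PROBES = [
    "/manage/setting/website",               # plain request, both checks catch it
    "/manage;/setting/website",              # the advisory's bypass
    "/manage;jsessionid=x/setting/website",  # same trick with a real-looking param
    "/manage%3B/setting/website",            # encoded ';', covered by the conservative model
    "/public/../manage/setting/website",     # dot-segment variant of the same mistake
    "/api/articles",                         # not under /manage at all
]


def bypasses(requires_token) -> list[str]:
    """Return the probes that reach /manage without a token under this check."""
    return [u for u in PROBES if reaches_manage_without_token(u, requires_token)]


if __name__ == "__main__":
    print("vulnerable check bypassed by:", bypasses(vulnerable_requires_token))
    print("hardened check bypassed by:", bypasses(hardened_requires_token))
```

The general lesson is that an authorization decision must be made on the same canonical path the router uses, never on the raw request URI. In a Spring application, Spring Security's StrictHttpFirewall rejects request URIs containing a semicolon by default, but a custom filter that reads getRequestURI() directly gets none of that protection, so either route the check through the framework's own matchers or normalize as above before comparing.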
