Schule OTP Generation Vulnerability Allows Brute-Force Attacks
Vulnerability
A vulnerability exists in the Schule open-source school management system in versions prior to 1.0.1, within the OTP generation function. The function generates a 4-digit numeric One-Time Password (OTP) using a secure random number generator, but draws the value from the range 1000 to 9999, a keyspace of only 9000 possible values. A secure generator does not help when the keyspace is this small: an attacker can simply try every value. The issue is exacerbated by the lack of robust rate-limiting or lockout mechanisms on OTP verification.
Impact
The vulnerability allows for brute-force attacks on the One-Time Password (OTP) generation, potentially leading to unauthorized access or actions that rely on OTP verification.
Reproduction
To reproduce this vulnerability, request an OTP from a version of Schule prior to 1.0.1. The generated OTP can be easily brute-forced due to the limited range and short length, especially if there are no strong rate-limiting or lockout mechanisms in place.
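As an added example (not Schule's own code, which this advisory does not quote), the following Python contrasts the 1000 to 9999 generation described above with a larger keyspace, quantifies the guessing risk, and shows a verifier that enforces the single-use, expiry and attempt-limit controls the advisory says were missing. The names `weak_otp`, `strong_otp`, `brute_force_success_probability` and `OtpVerifier` are hypothetical.

```python
import hmac
import secrets
import time

# Constructed example, not Schule's code: the advisory's pre-1.0.1 range next to a hardened design.
WEAK_MIN, WEAK_MAX = 1000, 9999              # range described in the advisory
WEAK_KEYSPACE = WEAK_MAX - WEAK_MIN + 1      # 9000 possible values

def weak_otp() -> str:
    """4-digit OTP from 1000..9999: a secure RNG does not help when the keyspace is this small."""
    return str(WEAK_MIN + secrets.randbelow(WEAK_KEYSPACE))

def strong_otp(digits: int = 8) -> str:
    """Zero-padded OTP drawn from the full 10**digits keyspace (leading zeros allowed)."""
    return str(secrets.randbelow(10 ** digits)).zfill(digits)

def brute_force_success_probability(keyspace: int, attempts: int) -> float:
    """Chance of guessing a uniformly random OTP within `attempts` tries (risk estimate)."""
    return min(attempts, keyspace) / keyspace

class OtpVerifier:
    """Single-use OTP with expiry and a hard per-OTP attempt limit (the missing controls)."""
    def __init__(self, otp: str, max_attempts: int = 5, ttl_s: int = 300, now=time.time):
        self._otp, self._max, self._now = otp, max_attempts, now
        self._expires = now() + ttl_s
        self.attempts = 0
        self.locked = False     # set after max_attempts failures; a new OTP must be issued
        self.consumed = False   # a correct value may only succeed once

    def verify(self, candidate: str) -> bool:
        if self.locked or self.consumed or self._now() > self._expires:
            return False
        self.attempts += 1
        if hmac.compare_digest(self._otp, candidate):   # constant-time comparison
            self.consumed = True
            return True
        if self.attempts >= self._max:
            self.locked = True
        return False

if __name__ == "__main__":
    # With 9000 values and 5 attempts per OTP, one session succeeds with probability 1/1800;
    # without a limit, 9000 guesses are enough to try every value.
    print("weak keyspace:", WEAK_KEYSPACE, "p(5 guesses) =", brute_force_success_probability(WEAK_KEYSPACE, 5))
    v = OtpVerifier(strong_otp(), max_attempts=3)
    print([v.verify("00000000") for _ in range(4)], "locked:", v.locked)
```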
Remediation
Users can update to Schule version 1.0.1 or later, where this vulnerability has been fixed.
