Cicool Builder Password Reset Vulnerability in Administrator Authentication
Vulnerability
An unauthorized password reset vulnerability affecting administrator accounts has been identified in Cicool Builder versions up to and including 3.4.4. The password reset endpoint lacks adequate access control: it does not require the caller to be authenticated, and it does not require knowledge of the current password before a new one is set. An attacker who reaches the endpoint can therefore replace an administrator's password and obtain full administrative access to the application.
Impact
Successful exploitation gives the attacker complete administrative control of the application, including access to all hosted data and the ability to modify or delete critical system resources. Because no credential knowledge is needed, the issue is exploitable by an unauthenticated remote attacker who can reach the administrator interface.
Reproduction
To reproduce, request the '/administrator/auth/reset_password' endpoint on a Cicool Builder installation running version 3.4.4 or earlier. The application enforces neither authentication nor authorization on this endpoint, so the password can be reset without supplying the existing one. Once the reset completes, log in to the administrator interface with the newly set password to confirm full administrative access.
Remediation
Users are advised to upgrade to a patched version of Cicool Builder as soon as one becomes available. The fix on the application side is to require an authenticated session on the password reset functionality, bind the reset to the account that owns that session, and verify the current password before accepting a new one. Until a patched release is deployed, restrict access to the '/administrator/' path at the web server or reverse proxy (for example, an IP allow-list), monitor access logs for requests to '/administrator/auth/reset_password', and rotate administrator credentials if any unexpected password change is observed.
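The following PHP is an added illustration, not Cicool Builder's own code (the product's actual controller is not reproduced on this page). It models the failure described under Reproduction as a hypothetical handler that trusts whatever arrives in the request, and beside it a handler with the checks the Remediation section asks for. The function names, the in-memory user table and the sample credentials are all assumptions made for the demonstration; it runs from the command line without a framework.

```php
<?php
// Added illustration, not Cicool Builder's code. Two shapes of a password
// reset handler, modelled as plain functions so they can be run from the CLI.
declare(strict_types=1);

// Constructed sample data: one administrator with a hashed password.
function sample_users(): array {
    return [
        'admin' => ['password_hash' => password_hash('Old-Pass-1', PASSWORD_DEFAULT)],
    ];
}

// Vulnerable shape (hypothetical): the handler takes the target username and
// the new password straight from the request. There is no session check and
// no current-password check, so an anonymous caller can overwrite any
// account's password. This is the behaviour the advisory describes.
function reset_password_vulnerable(array &$users, array $post): string {
    $user = $post['username'] ?? '';
    if (!isset($users[$user])) {
        return 'unknown user';
    }
    $users[$user]['password_hash'] = password_hash($post['new_password'] ?? '', PASSWORD_DEFAULT);
    return 'password updated';
}

// Hardened shape: (1) the caller must already be authenticated, and the account
// being changed comes from the session, never from the request; (2) a CSRF token
// bound to the session must match; (3) the current password must verify against
// the stored hash; (4) the new password must meet a minimum length and be
// confirmed. Every check fails closed.
function reset_password_hardened(array &$users, array $session, array $post): string {
    if (empty($session['logged_in']) || empty($session['username'])) {
        return 'denied: not authenticated';
    }
    if (empty($session['csrf_token'])
        || !hash_equals($session['csrf_token'], (string)($post['csrf_token'] ?? ''))) {
        return 'denied: bad csrf token';
    }
    $user = $session['username'];
    if (!isset($users[$user])) {
        return 'denied: unknown user';
    }
    if (!password_verify((string)($post['current_password'] ?? ''), $users[$user]['password_hash'])) {
        return 'denied: current password incorrect';
    }
    $new = (string)($post['new_password'] ?? '');
    if (strlen($new) < 12 || $new !== (string)($post['confirm_password'] ?? '')) {
        return 'denied: new password too short or not confirmed';
    }
    $users[$user]['password_hash'] = password_hash($new, PASSWORD_DEFAULT);
    return 'password updated';
}

// Demonstration 1: an anonymous request (no session) against the vulnerable
// handler succeeds, and the attacker-chosen password now verifies.
$users = sample_users();
$anonymousPost = ['username' => 'admin', 'new_password' => 'attacker-chosen'];
echo 'vulnerable, anonymous: ', reset_password_vulnerable($users, $anonymousPost), PHP_EOL;
echo 'attacker password accepted: ',
    password_verify('attacker-chosen', $users['admin']['password_hash']) ? 'yes' : 'no', PHP_EOL;

// Demonstration 2: the same anonymous request against the hardened handler.
$users = sample_users();
echo 'hardened, anonymous: ', reset_password_hardened($users, [], $anonymousPost), PHP_EOL;

// Demonstration 3: a legitimate, authenticated change with the current password.
$session = ['logged_in' => true, 'username' => 'admin', 'csrf_token' => bin2hex(random_bytes(16))];
$legitPost = [
    'csrf_token'       => $session['csrf_token'],
    'current_password' => 'Old-Pass-1',
    'new_password'     => 'New-Longer-Pass-2',
    'confirm_password' => 'New-Longer-Pass-2',
];
echo 'hardened, authenticated: ', reset_password_hardened($users, $session, $legitPost), PHP_EOL;

// Demonstration 4: authenticated but wrong current password is still refused.
$badPost = $legitPost;
$badPost['current_password'] = 'guess';
echo 'hardened, wrong current password: ', reset_password_hardened($users, $session, $badPost), PHP_EOL;
```

The key design point is that the hardened handler never lets the request choose which account is modified; the account comes from the authenticated session, and the current-password check ties the change to someone who already holds that credential. Rate limiting the current-password check and invalidating other sessions after a successful change are sensible additions not shown here.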