Linjiashop Incorrect Access Control Vulnerability Allowing Authentication Bypass and Sensitive Data Disclosure
Vulnerability
A vulnerability in Linjiashop versions through 0.9 results in incorrect access control: attackers can bypass authentication using the default-generated JWT tokens. This gives unauthorized access to the '/prod-api/account/info' endpoint, whose response discloses sensitive information such as encrypted passwords and salts. Because the disclosed data is a hash of the password combined with the salt, it can be brute-forced offline to recover the original password.
Impact
Exploitation of this vulnerability allows for authentication bypass, unauthorized access to sensitive user information, and the potential to recover plaintext passwords through brute-force methods.
Reproduction
To reproduce this vulnerability, log into the Linjiashop application and obtain a default-generated JWT token. That token can be used to bypass authentication and reach the '/prod-api/account/info' endpoint. The response includes encrypted passwords and salts, which can then be subjected to brute-force cracking to recover the original password.