WeGIA Authentication Bypass Vulnerability in Resource Verification Endpoint

Vulnerability

An authentication bypass vulnerability has been identified in the WeGIA application in versions prior to 3.4.5. The issue resides in the '/dao/verificar_recursos_cargo.php' endpoint, which fails to validate the user's session or any other form of authentication before processing the request. As a result, unauthenticated users can reach protected functionality and retrieve sensitive information by sending crafted HTTP requests that carry no session cookie or authentication token. The same missing check affects several related endpoints, including '/dao/exibir_cargo.php', '/dao/verificar_modulos_visiveis.php', '/dao/exibir_documento.php', and '/dao/adicionar_documento.php'.

Impact

Exploitation of this vulnerability can lead to unauthorized access to sensitive data; privilege escalation, since information meant only for authorized users becomes reachable; disclosure of internal business logic and of IDs tied to user roles or permissions; and easier reconnaissance, because an attacker can map backend structures to prepare targeted attacks.

Reproduction

The vulnerability can be reproduced by sending an HTTP request to the '/dao/verificar_recursos_cargo.php' endpoint without any session cookie or authentication token. The endpoint processes the request without validating a session and returns the protected resource data instead of rejecting the request or redirecting to the login page.

Remediation

Users should upgrade to WeGIA version 3.4.5, which addresses this authentication bypass vulnerability by validating the session before the affected endpoints process a request.
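The root cause described above is a PHP script that does its work before checking whether a session exists. The following is an added example, not WeGIA's own code, of a reusable session guard that each affected '/dao/*.php' script would include before touching any data; the session key '$_SESSION["usuario"]' and the 'id_cargo' query parameter are assumptions, since the page does not show the application's internals.

```php
<?php
// Added example (not WeGIA's code). Assumptions: the application stores
// the logged-in user's id in $_SESSION['usuario'], and the endpoint takes
// the role id as the 'id_cargo' query parameter. Both are hypothetical.
declare(strict_types=1);

// Reusable guard. Every protected DAO endpoint calls this first; a request
// that arrives with no session (no cookie, or a cookie for an empty
// session) is rejected with 401 before any business logic runs.
function requireAuthenticatedSession(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['usuario'])) {
        http_response_code(401);
        header('Content-Type: application/json');
        echo json_encode(['erro' => 'nao autenticado']);
        exit;
    }
}

// Vulnerable shape from the advisory: the data lookup is reachable with
// no authentication check at all. (Stub standing in for the DB query.)
function verificarRecursosCargoVulneravel(int $idCargo): array
{
    return ['id_cargo' => $idCargo, 'recursos' => ['financeiro', 'documentos']];
}

// Hardened shape: same lookup, but only after the session guard passes.
function verificarRecursosCargo(int $idCargo): array
{
    requireAuthenticatedSession();
    return verificarRecursosCargoVulneravel($idCargo);
}

// Endpoint entry point: validate input, then run the guarded lookup.
$idCargo = filter_input(INPUT_GET, 'id_cargo', FILTER_VALIDATE_INT);
if ($idCargo === null || $idCargo === false) {
    http_response_code(400);
    echo json_encode(['erro' => 'id_cargo invalido']);
    exit;
}
header('Content-Type: application/json');
echo json_encode(verificarRecursosCargo($idCargo));
```

Placing the guard in one shared file that every DAO script requires at its first line, rather than repeating it per endpoint, is what prevents the next endpoint from shipping with the same omission.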

Added: Jul 16, 2025, 6:55 PM
Updated: Jul 16, 2025, 6:55 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          3.1
exploitability  6.0
remediation     7.7
relevance       0.2
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.