Mist Community Edition Improper Access Control Vulnerability in API Token Handler
Vulnerability
A critical vulnerability exists in Mist Community Edition (CE) versions through 4.7.1, allowing unauthenticated attackers to generate valid API tokens for any user, including administrators. This flaw, rooted in improper access controls within the token creation process, enables full account takeover by bypassing authentication requirements. The vulnerability can be exploited remotely without user interaction.
Impact
Exploitation of this vulnerability allows for unauthorized API token creation, leading to account takeover by hijacking the session of the targeted user.
Reproduction
The vulnerability can be reproduced by sending a request to the 'create_token' endpoint of the API Token Handler with a victim's email address. The request succeeds without any authentication, because the endpoint does not verify the requester's identity before issuing a token for the named account. Once the API token is generated, it can be used to log into the victim's account, bypassing the normal authentication process. After logging in, the session cookie can be replaced with the one obtained through the exploit, granting access to the victim's account.
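The defect described above is a missing authorization check in a token-issuing handler: the endpoint trusts the email address in the request instead of binding token creation to the authenticated caller. The following Python model, added here as an illustration and not taken from Mist CE's code base, shows the weak pattern beside a hardened one. All names (User, TokenStore, create_token_vulnerable, create_token_hardened, resolve_token) are assumptions chosen for the example; the only detail taken from the advisory is that the weak handler accepts an arbitrary email and needs no authenticated requester.

```python
"""Hypothetical model of an API token handler (not Mist CE's code).

Shows the access-control defect class from the advisory: a 'create_token'
handler that mints a token for any email it is given, versus a handler that
binds token creation to the authenticated requester.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class User:
    """Minimal account record (constructed for the example)."""
    email: str
    is_admin: bool = False


@dataclass
class TokenStore:
    """Maps issued bearer tokens to the account they authenticate as."""
    tokens: Dict[str, str] = field(default_factory=dict)


class AuthError(Exception):
    """Raised when a request is unauthenticated or not authorized."""


def _normalize(email: str) -> str:
    return email.strip().lower()


def _issue_token(store: TokenStore, email: str) -> str:
    # 256 bits from the OS CSPRNG; the token is the only secret an API
    # client needs, so it must be unguessable.
    token = secrets.token_urlsafe(32)
    store.tokens[token] = _normalize(email)
    return token


def create_token_vulnerable(store: TokenStore,
                            requester: Optional[User],
                            target_email: str) -> str:
    """Weak handler: never looks at who is asking.

    Any caller, including an unauthenticated one, obtains a valid token for
    whatever account the request names. This is the pattern the advisory
    describes.
    """
    return _issue_token(store, target_email)


def create_token_hardened(store: TokenStore,
                          requester: Optional[User],
                          target_email: str) -> str:
    """Hardened handler: authenticate first, then authorize.

    A user may mint tokens only for their own account; an admin may mint
    tokens for other accounts. The target email is taken from the request
    body, but it is checked against the verified identity of the caller.
    """
    if requester is None:
        raise AuthError("authentication required")
    same_account = _normalize(requester.email) == _normalize(target_email)
    if not (requester.is_admin or same_account):
        raise AuthError("not authorized to create a token for another user")
    return _issue_token(store, target_email)


def resolve_token(store: TokenStore, token: str) -> Optional[str]:
    """Return the account a bearer token authenticates as, or None."""
    return store.tokens.get(token)


if __name__ == "__main__":
    store = TokenStore()
    admin = User("admin@example.invalid", is_admin=True)  # constructed sample
    # Unauthenticated caller asks the weak handler for the admin's token.
    stolen = create_token_vulnerable(store, None, admin.email)
    print("weak handler issued token for:", resolve_token(store, stolen))
    try:
        create_token_hardened(store, None, admin.email)
    except AuthError as exc:
        print("hardened handler refused:", exc)
```

The hardened handler makes the authenticated session, not the request body, the source of truth for whose token is being created; the email in the body is only compared against it. When reviewing a fix for this class of bug, the check to look for is exactly that comparison (or an explicit admin grant) sitting before the token is written to the store.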
Remediation
Users are advised to upgrade to Mist Community Edition version 4.7.2, which addresses this vulnerability.
