jshERP Access Control Vulnerability in ResourceController Allowing Unauthorized Data Access
Vulnerability
An access control vulnerability has been identified in jshERP version 3.5, specifically within the ResourceController component. It allows unauthorized attackers to access the data associated with an ID simply by altering the ID value in a request. The issue arises from improper access control, which makes it exploitable through modified requests.
Impact
Exploitation of this vulnerability leads to unauthorized access to user information, allowing attackers to log in as the targeted user.
Reproduction
To reproduce this vulnerability, intercept a GET request to the user login endpoint using a tool like Burp Suite. Modify the request to include an ID value of choice, then send the request. The response will contain all data associated with the provided ID, including encrypted password information. This encrypted password can be decrypted using the cmd5 platform to obtain the plaintext password, facilitating arbitrary login to the account.
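The access-control gap described above, next to one way to close it, as an added example that is not part of the original advisory and is not jshERP's own code. The class and method names, the sample records and the policy (same tenant, own record only) are assumptions made for illustration.

```java
import java.util.*;
// Hypothetical model of an ID-keyed lookup; names are illustrative, not jshERP classes.
public class ObjectLevelAuthDemo {
    static final class User {
        final long id, tenantId; final String loginName, passwordHash;
        User(long id, long tenantId, String loginName, String passwordHash) {
            this.id = id; this.tenantId = tenantId;
            this.loginName = loginName; this.passwordHash = passwordHash;
        }
    }

    // Constructed sample data.
    static final Map<Long, User> USERS = new HashMap<>();
    static {
        USERS.put(63L, new User(63, 1, "alice", "constructed-hash-a"));
        USERS.put(120L, new User(120, 2, "bob", "constructed-hash-b"));
    }

    // Pattern the advisory describes: the caller-supplied id is the only selector,
    // and the whole record, credential field included, goes into the response.
    static Map<String, Object> infoUnchecked(long id) {
        User u = USERS.get(id);
        if (u == null) return Collections.emptyMap();
        Map<String, Object> out = new LinkedHashMap<>();
        out.put("id", u.id); out.put("loginName", u.loginName);
        out.put("password", u.passwordHash);
        return out;
    }

    // Hardened form: requires an authenticated caller, checks that the record belongs
    // to that caller (assumed policy), and never serializes the credential field.
    static Map<String, Object> infoChecked(User caller, long id) {
        if (caller == null) throw new SecurityException("not authenticated");
        User u = USERS.get(id);
        // Same error for "missing" and "not yours" so ids cannot be told apart.
        if (u == null || u.tenantId != caller.tenantId || u.id != caller.id)
            throw new SecurityException("not found");
        Map<String, Object> out = new LinkedHashMap<>();
        out.put("id", u.id); out.put("loginName", u.loginName);
        return out;
    }

    public static void main(String[] args) {
        User alice = USERS.get(63L);
        System.out.println(infoUnchecked(120));      // another user's record, hash included
        System.out.println(infoChecked(alice, 63));  // own record, no password field
        try { infoChecked(alice, 120); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

In a real deployment the caller identity would come from the server-side session rather than from any request parameter.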
