Itel DAB Encoder Authentication Bypass Vulnerability

Vulnerability

A vulnerability allowing authentication bypass has been identified in the Itel DAB Encoder (IDEnc build 25aec8d). It arises from improper validation of JSON Web Tokens (JWTs) across devices: a valid JWT obtained from one device is accepted as an administrative credential by any other device running the same firmware, regardless of differing passwords or networks. This flaw enables a full compromise of the affected devices.

Impact

Exploitation of this vulnerability allows for unauthorized administrative access on affected devices, enabling attackers to fully control the devices and modify their settings remotely.

Reproduction

To reproduce this vulnerability, log into an affected device (Device 1) with valid credentials to obtain a JWT. Inject that token into the browser's local storage for another device (Device 2) running the same firmware. After refreshing the page, Device 2 authenticates the session as an administrator without requiring a password. The process can be automated with a Python script that logs into Device 1, retrieves the JWT, and uses it to access Device 2.

Remediation

Itel Electronics should implement proper JWT validation by binding tokens to specific devices or sessions, incorporating device identifiers in JWT claims, and using secure storage methods. Until a patch is available, administrators can disable JWT-based authentication, restrict access to the login endpoint, and monitor for suspicious login activity.
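As an added illustration of the device-binding remediation (example code, not the vendor's firmware), the two checks are shown side by side in Python: a signature-only verifier that accepts any token signed with the shared secret, and a device-bound verifier that also requires the token's device claim to name the local device. It assumes a single HS256 secret shared across the firmware and uses a claim name, "dev", of our own choosing.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Added example, not the vendor's code. Assumes both devices share one HS256
# signing secret baked into the firmware; the claim name "dev" is our choice.

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(secret: bytes, device_id: str, user: str = "admin", ttl: int = 3600) -> str:
    """Mint a compact HS256 JWT that carries the issuing device's identifier."""
    now = int(time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user, "dev": device_id, "iat": now, "exp": now + ttl}
    parts = [_b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    sig = hmac.new(secret, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [_b64url(sig)])

def _verified_claims(secret: bytes, token: str) -> Optional[dict]:
    """Return the claims if the HMAC verifies and the token is unexpired, else None."""
    try:
        h, p, s = token.split(".")
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        claims = json.loads(_b64url_decode(p))
    except ValueError:  # malformed structure, bad base64 or bad JSON
        return None
    if int(time.time()) >= int(claims.get("exp", 0)):
        return None
    return claims

def verify_signature_only(secret: bytes, token: str) -> Optional[dict]:
    """Weak check: any token signed with the shared secret is honoured, whichever device minted it."""
    return _verified_claims(secret, token)

def verify_device_bound(secret: bytes, token: str, local_device_id: str) -> Optional[dict]:
    """Hardened check: the signature must verify AND the token's device claim must name this device."""
    claims = _verified_claims(secret, token)
    if claims is None or claims.get("dev") != local_device_id:
        return None
    return claims
```

Using a distinct signing key per device would close the gap as well, since a token from Device 1 would then fail signature verification on Device 2.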

Added: Nov 19, 2025, 4:20 PM
Updated: Nov 19, 2025, 7:49 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.