RingCentral Communications Plugin for WordPress Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in the RingCentral Communications plugin for WordPress, affecting versions 1.5 through 1.6.8. The issue arises from improper validation in the 'ringcentral_admin_login_2fa_verify' function, which allows unauthenticated attackers to log in as any user by submitting matching fake codes. The root cause is the lack of server-side verification in the two-factor authentication (2FA) step: the 2FA code is never stored persistently on the server, and the check instead compares two POST fields that are both fully under the attacker's control.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling attackers to log in as any user without proper credentials.

Reproduction

To reproduce this vulnerability, send a login request to a WordPress site with the RingCentral Communications plugin active, including two POST fields: 'ringcentral_2fa_code' and 'validation_code'. Both fields can be populated with the same fake code. Because the 2FA step performs no server-side verification, the login is processed successfully and authentication is bypassed.

Remediation

Users are advised to update the RingCentral Communications plugin for WordPress to version 1.7.0 or later, where this vulnerability has been patched.
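The flaw described above is a client-side-only 2FA check. The following is an added illustration of the server-side pattern that closes it, written for this advisory and not taken from the plugin itself; all function names, the transient layout, the code lifetime and the attempt cap are assumptions. The server generates the code, stores only a hash of it bound to the user with a short expiry, and compares the single client-supplied field against that stored state.

```php
<?php
// Added illustration, not the plugin's own code. Helper names are hypothetical.
// Flawed pattern (per the advisory): comparing two request fields with each
// other, so the client controls both sides of the check.
// Hardened pattern: the server owns the reference value.

const RC_2FA_TTL     = 300; // seconds a code stays valid (assumption)
const RC_2FA_MAX_TRY = 5;   // failed attempts before the code is discarded

function rc_2fa_transient_key( int $user_id ): string {
    return 'rc_2fa_' . $user_id;
}

// Called after the password step succeeds; returns the code for out-of-band delivery.
function rc_2fa_issue_code( int $user_id ): string {
    $code = str_pad( (string) random_int( 0, 999999 ), 6, '0', STR_PAD_LEFT );
    set_transient( rc_2fa_transient_key( $user_id ), array(
        'hash'     => hash( 'sha256', $code ),
        'attempts' => 0,
    ), RC_2FA_TTL );
    return $code; // send via SMS/voice; never return it in the HTTP response
}

// Verifies the one user-supplied code against server-side state only.
function rc_2fa_verify_code( int $user_id, string $submitted ): bool {
    $key   = rc_2fa_transient_key( $user_id );
    $state = get_transient( $key );
    if ( ! is_array( $state ) ) {
        return false; // no pending challenge, or it expired
    }
    if ( $state['attempts'] >= RC_2FA_MAX_TRY ) {
        delete_transient( $key ); // too many failures: force a fresh challenge
        return false;
    }
    $ok = hash_equals( $state['hash'], hash( 'sha256', $submitted ) );
    if ( $ok ) {
        delete_transient( $key ); // one-time use
    } else {
        $state['attempts']++;
        set_transient( $key, $state, RC_2FA_TTL ); // attempt cap bounds the extended TTL
    }
    return $ok;
}

// Request handler: exactly one field comes from the client, and it is compared
// against stored state, never against another client-supplied field.
function rc_2fa_handle_request( int $user_id ): void {
    $submitted = isset( $_POST['ringcentral_2fa_code'] )
        ? (string) wp_unslash( $_POST['ringcentral_2fa_code'] ) : '';
    if ( rc_2fa_verify_code( $user_id, $submitted ) ) {
        wp_set_auth_cookie( $user_id );
    }
}
```

The key property to check in any 2FA implementation is that the value being compared against was produced and stored by the server, not echoed back by the client.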

Added: Aug 28, 2025, 6:18 AM
Updated: Aug 28, 2025, 6:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.4
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.