elunez eladmin
cpe:2.3:a:eladmin:eladmin:*:*:*:*:*:*:*
- <= 2.7
A sensitive information disclosure vulnerability has been identified in elunez eladmin versions through 2.7. The issue arises in the /auth/info endpoint, which returns user data without proper filtering of entity fields. This oversight allows sensitive information, including the user's password hash, to be exposed, potentially leading to offline password brute-force attacks. The vulnerability can be exploited remotely, and a public exploit is available.
The vulnerability allows authenticated users to access password hashes, creating a risk of offline password cracking.
To reproduce this vulnerability, log into an affected version of eladmin and send a request to the /auth/info endpoint. The response will include unfiltered user information, including the password hash, which is not used on the frontend. This exposure can be leveraged to conduct offline brute-force attacks on the password.
It is recommended to implement field filtering at the Data Transfer Object (DTO) layer to ensure that only necessary information is sent to the frontend.
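One way to apply this recommendation, shown as an added example that is not eladmin's own code: the response type is an allow-list DTO that never declares the password field, and a reflective guard fails if a sensitive component is added later. The class names, field names and forbidden-name list are hypothetical, and the stored hash is a constructed placeholder.

```java
import java.lang.reflect.RecordComponent;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class DtoFilterExample {
    // Hypothetical persistence entity: holds fields the frontend must never see.
    static class UserEntity {
        long id = 1L;
        String username = "admin";
        String nickName = "Administrator";
        String email = "admin@example.test";
        String password = "<constructed-hash-placeholder>"; // stored hash, server-side only
        List<String> roles = List.of("admin");
    }

    // Allow-list DTO: only fields the frontend is assumed to need are declared at all,
    // so a new column on the entity is not exposed unless someone adds it here.
    record UserInfoDto(long id, String username, String nickName, List<String> roles) {
        static UserInfoDto from(UserEntity u) {
            return new UserInfoDto(u.id, u.username, u.nickName, List.copyOf(u.roles));
        }
    }

    // Names that must never appear on a response type (assumed list, extend as needed).
    static final Set<String> FORBIDDEN = Set.of("password", "passwordhash", "salt", "secret");

    // Regression guard: throws if a sensitive component is ever added to a response DTO.
    static void assertNoSensitiveComponents(Class<? extends Record> dtoType) {
        for (RecordComponent c : dtoType.getRecordComponents()) {
            if (FORBIDDEN.contains(c.getName().toLowerCase(Locale.ROOT))) {
                throw new IllegalStateException(
                        dtoType.getSimpleName() + " exposes " + c.getName());
            }
        }
    }

    public static void main(String[] args) {
        assertNoSensitiveComponents(UserInfoDto.class);
        UserInfoDto dto = UserInfoDto.from(new UserEntity());
        // The printed record shows its components: no password, no email.
        System.out.println(dto);
    }
}
```

Returning the DTO from the controller instead of the entity keeps the hash out of the response body, and running the guard in a unit test catches a later change that reintroduces it.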