Code-Projects Hotel and Tourism Reservation System - 1.0
An authentication bypass vulnerability has been identified in Code-Projects Hotel and Tourism Reservation System version 1.0. The issue lies in the admin login component, specifically in the password verification logic of login.php. The conditional that evaluates the result of password_verify() is inverted: the application grants access when an incorrect password is supplied and rejects the correct one. A remote attacker who knows, or can guess, a valid admin email address can therefore log in without the admin password.
Exploitation allows remote, unauthenticated attackers to bypass authentication and obtain full administrative access to the application. Once logged in, an attacker can view, modify, and delete all room and tour reservations, manage rooms, tours, and events, read the data of every registered user, and perform every other administrative operation, all without knowing the admin password. A side effect of the inverted check is that the legitimate administrator cannot log in with the correct password, which is a useful indicator when investigating a deployment that exhibits this behaviour.
To reproduce this vulnerability, install Code-Projects Hotel and Tourism Reservation System version 1.0 on a local server such as XAMPP and open the admin login page. Enter a valid admin email address together with any incorrect password (an empty password also qualifies, since password_verify() returns false for it) and submit the login form. The application grants access to the admin dashboard despite the incorrect password; submitting the correct password instead produces a login error.
The vulnerability is fixed by correcting the password verification conditional: access must be granted only when password_verify() returns true, and the error path must be taken when it returns false. The check against a non-existent email and the check against a wrong password should both end in the same generic error so that the login form does not reveal which admin addresses exist, and the session identifier should be regenerated on successful login.
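The following is an added example written for this page, not code taken from the project's login.php. It reconstructs the inverted check described above next to a corrected version and runs both against an in-memory SQLite database so the difference is observable. The table name admin, its columns id, email and password, the function names and the use of pdo_sqlite are all assumptions made for the example; the real application's schema and connection code may differ.

```php
<?php
// Added example: hypothetical reconstruction of the admin login check.
// Assumes PHP >= 7.4 with the pdo_sqlite extension. Not the project's code.

declare(strict_types=1);

/**
 * Vulnerable variant: the branch on password_verify() is inverted, so a wrong
 * password is accepted and the correct one is rejected.
 * Returns the admin id on "success", null otherwise.
 */
function authenticate_admin_vulnerable(PDO $db, string $email, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password FROM admin WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown email
    }
    // BUG: the negation is the authentication bypass.
    if (!password_verify($password, $row['password'])) {
        return (int) $row['id'];
    }
    return null;
}

/**
 * Corrected variant: access only when password_verify() returns true.
 * Unknown email and wrong password fall through to the same null result, so the
 * caller can show one generic error without revealing which emails exist.
 */
function authenticate_admin_fixed(PDO $db, string $email, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password FROM admin WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row !== false && password_verify($password, $row['password'])) {
        // The caller should call session_regenerate_id(true) before storing the
        // admin id in $_SESSION; omitted here so the example runs from the CLI.
        return (int) $row['id'];
    }
    return null;
}

// Constructed sample data: one admin account with a known password.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');
$ins = $db->prepare('INSERT INTO admin (email, password) VALUES (?, ?)');
$ins->execute(['admin@example.com', password_hash('correct-horse-battery', PASSWORD_DEFAULT)]);

$variants = [
    'vulnerable' => 'authenticate_admin_vulnerable',
    'fixed'      => 'authenticate_admin_fixed',
];
$attempts = ['wrong-password', '', 'correct-horse-battery'];

foreach ($variants as $label => $fn) {
    foreach ($attempts as $pw) {
        $id = $fn($db, 'admin@example.com', $pw);
        printf("%-10s password=%-24s -> %s\n",
            $label, var_export($pw, true), $id === null ? 'rejected' : "login OK (admin id $id)");
    }
    // Unknown email is rejected by both variants.
    $id = $fn($db, 'nobody@example.com', 'anything');
    printf("%-10s unknown email            -> %s\n", $label, $id === null ? 'rejected' : 'login OK');
}
```

Running the script shows the vulnerable variant accepting both the wrong and the empty password while rejecting the correct one, and the fixed variant accepting only the correct password. The same two requests (valid admin email with a wrong password, then with the correct one) are the quickest check against a live install: a dashboard on the first and an error on the second means the inverted condition is present.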