MineAdmin Logic Flaw Vulnerability in JWT Token Handler Allowing Unauthorized Token Refresh
Vulnerability
A logic flaw has been identified in MineAdmin versions 1.x and 2.x, specifically within the JWT Token Handler component. The vulnerability resides in the 'refresh' function that serves the '/system/refresh' endpoint. The root cause is insufficient verification of data authenticity: the refresh process can be manipulated remotely because the token presented for refresh is not properly authenticated. Exploitation involves constructing a JSON Web Token (JWT) that appears to be signed by a super administrator, which can then be used to bypass system controls and gain unauthorized administrative privileges. The application uses a frontend-backend separation, with the backend API running on the default port 9501.
Impact
Exploitation of this vulnerability allows for unauthorized access to administrative privileges by manipulating the JWT token refresh process.
Reproduction
To reproduce this vulnerability, send a POST request to the '/system/refresh' endpoint on the backend API port 9501. Include a JWT in the Authorization header that is crafted to appear as if it is signed by a super administrator. The 'refresh' method will then accept this token and issue a new token with administrator rights.
Remediation
It is recommended to implement proper validation of the JWT signature in the 'refresh' method to ensure that only legitimate tokens are accepted.
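The following is an added illustration, not code from the MineAdmin project. It contrasts the flawed pattern the advisory describes (a refresh handler that decodes the presented token's claims without checking the signature and mints a fresh token for whatever role the claims assert) with a hardened handler that pins the algorithm, verifies the HMAC signature in constant time, and checks expiry before issuing anything. The signing key, the claim names 'uid' and 'role', and the HS256 construction are assumptions chosen for the example; they are not taken from MineAdmin's implementation.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real deployment loads this from configuration,
# never from source code.
SECRET = b"demo-signing-key-not-for-production"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(claims: dict, secret: bytes = SECRET, ttl: int = 3600) -> str:
    """Mint an HS256 JWT. Present here only so the example can build its own input."""
    header = {"alg": "HS256", "typ": "JWT"}
    body = dict(claims, exp=int(time.time()) + ttl)
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = f"{_b64url_encode(compact(header))}.{_b64url_encode(compact(body))}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def decode_unverified(token: str) -> dict:
    """Return the payload WITHOUT checking the signature (the flawed pattern)."""
    _, payload_b64, _ = token.split(".")
    return json.loads(_b64url_decode(payload_b64))


def verify_token(token: str, secret: bytes = SECRET, now=None) -> dict:
    """Verify algorithm, signature and expiry; raise ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm server-side: the token's own 'alg' field is untrusted input.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if int(payload.get("exp", 0)) <= now:
        raise ValueError("expired")
    return payload


def refresh_flawed(token: str) -> str:
    """Flawed refresh: trusts the presented claims and re-issues them with a
    valid server signature, so a forged token is laundered into a real one."""
    claims = decode_unverified(token)
    return issue_token({"uid": claims["uid"], "role": claims["role"]})


def refresh_hardened(token: str) -> str:
    """Hardened refresh: only a token carrying a valid signature and an unexpired
    lifetime is exchanged, and the new token copies the verified claims."""
    claims = verify_token(token)
    return issue_token({"uid": claims["uid"], "role": claims["role"]})
```

In the hardened handler the role is copied from the verified claims; a further tightening is to re-read the user's current role from the database at refresh time, so that a revoked or demoted account cannot keep refreshing an old privilege level.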