PolarLearn OAuth 2.0 Login CSRF Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the OAuth 2.0 implementation for GitHub and Google login providers in PolarLearn versions through 0-PRERELEASE-15. The vulnerability arises because the application does not implement or verify the state parameter during the authentication flow. This oversight allows an attacker to pre-authenticate a session and deceive a victim into logging into the attacker's account. Consequently, any data the victim enters or academic progress made is recorded on the attacker's account, resulting in data loss for the victim and potential information disclosure to the attacker.
Impact
Exploitation of this vulnerability allows Login CSRF: a victim is tricked into logging into an attacker's account, so everything the victim subsequently enters, including academic progress, is written to the attacker's account and becomes readable by the attacker.
Reproduction
The vulnerability can be reproduced by intercepting the OAuth callback response using a tool like Burp Suite. After logging in through Google or GitHub, the state parameter is not verified, allowing the interception and manipulation of the authentication process.
Remediation
Users can update to the latest version of PolarLearn, where this vulnerability has been addressed by implementing state parameter validation for both Google and GitHub OAuth logins.
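The fix described above, a state parameter that is minted per browser session before redirecting to the provider and verified on the callback, is illustrated by the following added example. It is not PolarLearn's own code; the authorize endpoints for GitHub and Google are the providers' real ones, while the client id, redirect URI, session ids and the 10-minute lifetime are assumptions. The state is unguessable, bound to the session that started the flow, bound to the provider, single-use and time-limited, which is what stops a value minted in one browser from being accepted in another.

```python
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit

# Real provider authorize endpoints; the client id and redirect URI are placeholders.
AUTHORIZE_ENDPOINTS = {
    "github": "https://github.com/login/oauth/authorize",
    "google": "https://accounts.google.com/o/oauth2/v2/auth",
}
CLIENT_ID = "example-client-id"                              # assumption
REDIRECT_URI = "https://polarlearn.example/auth/{provider}/callback"  # assumption
STATE_TTL_SECONDS = 600                                      # assumption: 10 minutes


class OAuthStateStore:
    """Server-side store of pending OAuth 2.0 'state' values, keyed by session id.

    A state is valid for exactly one callback, for the session and provider it
    was issued to, and only within the TTL.
    """

    def __init__(self, ttl: int = STATE_TTL_SECONDS):
        self._ttl = ttl
        # session_id -> (state, provider, issued_at)
        self._pending: Dict[str, Tuple[str, str, float]] = {}

    def issue(self, session_id: str, provider: str, now: Optional[float] = None) -> str:
        """Mint a 256-bit random state and remember it for this session."""
        state = secrets.token_urlsafe(32)
        self._pending[session_id] = (state, provider, time.time() if now is None else now)
        return state

    def verify(self, session_id: str, provider: str, presented: Optional[str],
               now: Optional[float] = None) -> bool:
        """Consume the pending state for this session; True only if everything matches."""
        entry = self._pending.pop(session_id, None)   # single-use: removed on any attempt
        if entry is None or presented is None:
            return False
        expected, expected_provider, issued_at = entry
        if provider != expected_provider:
            return False
        if (time.time() if now is None else now) - issued_at > self._ttl:
            return False
        return hmac.compare_digest(expected, presented)  # constant-time comparison


def build_authorize_url(store: OAuthStateStore, session_id: str, provider: str) -> str:
    """Step 1: redirect target for the provider, carrying a freshly issued state."""
    query = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI.format(provider=provider),
        "state": store.issue(session_id, provider),
    }
    return f"{AUTHORIZE_ENDPOINTS[provider]}?{urlencode(query)}"


def state_from_url(url: str) -> Optional[str]:
    """Extract the 'state' query parameter from a URL (helper for tests/demo)."""
    return dict(parse_qsl(urlsplit(url).query)).get("state")


def handle_callback(store: OAuthStateStore, session_id: str, provider: str,
                    callback_url: str) -> Optional[str]:
    """Step 2: return the authorization code only if the state check passes."""
    params = dict(parse_qsl(urlsplit(callback_url).query))
    if not store.verify(session_id, provider, params.get("state")):
        return None   # reject: missing, foreign, replayed, stale or wrong-provider state
    return params.get("code")


def demo() -> Dict[str, Optional[str]]:
    """Walk the legitimate flow and the cases the state check must reject."""
    store = OAuthStateStore()
    cb = "https://polarlearn.example/auth/github/callback?code={code}&state={state}"
    results: Dict[str, Optional[str]] = {}

    # Legitimate flow: same session starts and finishes the login.
    victim_state = state_from_url(build_authorize_url(store, "victim-session", "github"))
    results["legit"] = handle_callback(store, "victim-session", "github",
                                       cb.format(code="code-victim", state=victim_state))
    # Replay of the same callback: state was consumed, so it is rejected.
    results["replay"] = handle_callback(store, "victim-session", "github",
                                        cb.format(code="code-victim", state=victim_state))
    # Login CSRF shape: state minted in another browser session is presented here.
    other_state = state_from_url(build_authorize_url(store, "other-session", "github"))
    results["cross_session"] = handle_callback(store, "victim-session", "github",
                                               cb.format(code="code-other", state=other_state))
    # Callback with no state at all (the pre-fix behaviour accepted this).
    build_authorize_url(store, "victim-session", "github")
    results["missing_state"] = handle_callback(store, "victim-session", "github",
                                               cb.format(code="code-x", state="").replace("&state=", ""))
    return results


if __name__ == "__main__":
    print(demo())
```

Binding the state to the session id rather than only checking that some state is present is the important part: a value the attacker minted in their own browser is never in the victim's session entry, so the callback fails before any account is linked or logged in.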
