Key Systems Inc Global Facilities Management Software
cpe:2.3:a:keystorage:global_facilities_management_software:*:*:*:*:*:*:*
- 20230721a
A privilege escalation vulnerability has been identified in Key Systems Inc Global Facilities Management Software version 20230721a. Administrative access is protected only by a numeric PIN, and the application enforces no account lockout, rate limiting, or multi-factor authentication. A remote attacker can therefore brute force the admin PIN through the login interface and obtain administrative privileges.
Successful exploitation gives the attacker unauthorized administrative access, i.e. full control of the admin account and of everything that account can manage.
To reproduce, navigate to the application's login page. First submit an arbitrary UserID and PIN and note the response indicating that the UserID is invalid. Then submit a valid UserID, such as 'admin', with a wrong PIN and note the different response indicating an incorrect PIN. Because the two failure responses differ, the login form confirms which UserIDs exist, and a successful guess is likewise identifiable by its distinct response. With a valid UserID established, use a web proxy such as Burp Suite (its Intruder module automates this) to submit the range of possible PIN values against that UserID and filter the responses for the success indication; since no lockout or rate limiting is enforced, the entire PIN space can be tried. The matching PIN can then be used to log in as the admin user.
It is recommended to replace PIN-only authentication with a requirement for strong, complex passwords. The login endpoint should return one generic failure message for both unknown UserIDs and incorrect PINs so that valid accounts cannot be enumerated. Additionally, implement rate limiting and account lockout to slow brute-force attempts, and require multi-factor authentication before granting account access, particularly for administrative accounts.
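The following is an added example, not code from Key Systems Inc or from the original advisory. It models the login behaviour described in the reproduction steps (distinguishable error messages, no lockout, no rate limiting) beside a hardened variant that applies the recommended controls, then runs the same UserID enumeration and PIN brute force against both so the effect of each control is visible. The account store, the 4-digit PIN format, the lockout and rate-limit thresholds, and the fake clock are all constructed for illustration and are not taken from the product.

```python
"""Added example: vulnerable vs. hardened PIN login under a simulated brute force."""
import hmac
import time
from collections import defaultdict

# Constructed account store: UserID -> PIN. A 4-digit PIN has only 10,000
# possible values, which is what makes an online brute force practical.
ACCOUNTS = {"admin": "4821"}


class VulnerableLogin:
    """Behaviour described in the advisory: two different failure messages, no limits."""

    def login(self, user_id, pin, source="attacker"):
        if user_id not in ACCOUNTS:
            return "invalid userid"   # leaks that no such UserID exists
        if ACCOUNTS[user_id] != pin:
            return "incorrect pin"    # confirms a valid UserID; only the PIN is left to guess
        return "success"


class HardenedLogin:
    """Generic failure message, per-account lockout, per-source rate limit."""

    MAX_FAILURES = 5        # assumed: consecutive failures before the account locks
    LOCKOUT_SECONDS = 900   # assumed: lockout duration
    RATE_LIMIT = 10         # assumed: attempts allowed per source per window
    WINDOW_SECONDS = 60

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = defaultdict(int)   # user_id -> consecutive failures
        self.locked_until = {}             # user_id -> time the lock expires
        self.attempts = defaultdict(list)  # source -> timestamps of recent attempts

    def login(self, user_id, pin, source):
        now = self.clock()
        recent = [t for t in self.attempts[source] if now - t < self.WINDOW_SECONDS]
        recent.append(now)
        self.attempts[source] = recent
        if len(recent) > self.RATE_LIMIT:
            return "too many requests"
        if self.locked_until.get(user_id, 0) > now:
            return "invalid credentials"   # a locked account gets the same generic answer
        # Dummy value keeps the comparison path uniform for unknown UserIDs.
        expected = ACCOUNTS.get(user_id, "\x00" * 4).encode()
        ok = hmac.compare_digest(expected, pin.encode()) and user_id in ACCOUNTS
        if not ok:
            self.failures[user_id] += 1
            if self.failures[user_id] >= self.MAX_FAILURES:
                self.locked_until[user_id] = now + self.LOCKOUT_SECONDS
            return "invalid credentials"   # unknown UserID and wrong PIN are indistinguishable
        self.failures[user_id] = 0
        return "success"


class FakeClock:
    """Deterministic clock for the simulation: advances `step` seconds per login attempt."""

    def __init__(self, step):
        self.now, self.step = 0.0, step

    def __call__(self):
        self.now += self.step
        return self.now


def enumerate_userids(login, candidates):
    """Attacker step 1: UserIDs whose failure response differs from an unknown UserID's."""
    baseline = login.login("no-such-user-zz", "0000", source="attacker")
    return [u for u in candidates if login.login(u, "0000", source="attacker") != baseline]


def brute_force_pin(login, user_id, pin_length=4):
    """Attacker step 2: try every PIN in order. Returns (pin, attempts) or (None, attempts)."""
    space = 10 ** pin_length
    for n in range(space):
        pin = f"{n:0{pin_length}d}"
        if login.login(user_id, pin, source="attacker") == "success":
            return pin, n + 1
    return None, space


def demo():
    """Run the same attack against both variants; a patient attacker stays under the rate limit."""
    vuln = VulnerableLogin()
    results = {"vulnerable_users": enumerate_userids(vuln, ["guest", "admin", "root"])}
    results["vulnerable_pin"] = brute_force_pin(vuln, "admin")
    hardened = HardenedLogin(clock=FakeClock(step=7.0))
    results["hardened_users"] = enumerate_userids(hardened, ["guest", "admin", "root"])
    results["hardened_pin"] = brute_force_pin(HardenedLogin(clock=FakeClock(step=7.0)), "admin")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Against the vulnerable variant the attacker confirms 'admin' from the differing error message and recovers the PIN after 4,822 guesses; against the hardened variant enumeration yields nothing and the account is locked long before the correct PIN is reached, even when the attacker paces requests to stay under the rate limit. Two caveats a practitioner should keep in mind: locking 'admin' after a handful of failures lets an attacker deny service to the administrator, which is why the per-source rate limit and multi-factor authentication are recommended alongside lockout rather than instead of it; and this toy keeps failure counters for any UserID it is asked about, so a production implementation should bound that state.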