PdfDing Password-Protected PDF Access Control Bypass Vulnerability

Vulnerability

A vulnerability in PdfDing versions prior to 1.7.0 allows unauthenticated users to access password-protected shared PDFs. This is achieved by directly calling the file-serving endpoint without going through the required password verification process. As a result, confidential documents that users believed were secured by a shared-link password can be accessed without authorization.

Impact

Exploitation of this vulnerability leads to unauthorized access to password-protected PDF documents, allowing confidential information to be retrieved without proper authorization.

Reproduction

To reproduce this vulnerability, send a GET request to the direct PDF-serving endpoint with a valid shared identifier and revision number. This can be done without authentication, bypassing the normal password verification process.

Remediation

Users can update to PdfDing version 1.7.0 or later, where this vulnerability has been patched.
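
The class of flaw described above, as an added example that is not PdfDing's code: a password check enforced only on the view step, next to a file-serving handler that makes the authorization decision itself. All names (SharedPdf, Session, SHARES, serve_vulnerable, serve_hardened) are hypothetical, the session is modeled as a plain object, and the revision number is left out.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

# All names here are hypothetical; none are taken from PdfDing's code base.
@dataclass
class SharedPdf:
    content: bytes
    salt: bytes = b""
    password_hash: bytes = b""  # empty: the link has no password

@dataclass
class Session:
    unlocked: set = field(default_factory=set)  # share ids verified in this session

SHARES = {}  # shared identifier -> SharedPdf

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_shared(content, password=None):
    if password is None:
        return SharedPdf(content)
    salt = os.urandom(16)
    return SharedPdf(content, salt, _kdf(password, salt))

def verify_password(session, shared_id, password):
    """View-page step: a correct password is recorded in the caller's session."""
    share = SHARES[shared_id]
    ok = hmac.compare_digest(_kdf(password, share.salt), share.password_hash)
    if ok:
        session.unlocked.add(shared_id)
    return ok

def serve_vulnerable(session, shared_id):
    """Flawed pattern: the file endpoint trusts that the view page was visited."""
    return 200, SHARES[shared_id].content

def serve_hardened(session, shared_id):
    """The file endpoint repeats the authorization decision itself."""
    share = SHARES.get(shared_id)
    if share is None:
        return 404, b""
    if share.password_hash and shared_id not in session.unlocked:
        return 403, b""
    return 200, share.content

if __name__ == "__main__":
    SHARES["demo"] = make_shared(b"%PDF-constructed", "s3cret")  # constructed sample
    print(serve_vulnerable(Session(), "demo")[0], serve_hardened(Session(), "demo")[0])
```

A regression test for this kind of fix requests the file endpoint from a fresh session and expects a refusal, independent of any test of the password form.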

Added: Apr 1, 2026, 6:38 PM
Updated: Apr 1, 2026, 6:38 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.7
remediation: 0.0
relevance: 4.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.