Flask-HTTPAuth Token Authentication Vulnerability Allowing Unauthorized Access
Vulnerability
A vulnerability in Flask-HTTPAuth prior to version 4.8.1 allows unauthorized access to token-protected resources. When a client requests such a resource without a token or with an empty token, Flask-HTTPAuth incorrectly invokes the application's token verification callback with the empty token. This could lead to authentication of the request if any user in the database has an empty string as their token. The issue arises only in token authentication, and only if the application stores empty strings as tokens instead of NULL.
Impact
Exploitation of this vulnerability could result in unauthorized access to resources, allowing clients to be authenticated as users with empty string tokens.
Reproduction
To reproduce this vulnerability, send a request to a token-protected resource without an authorization token, or with an empty token. Ensure that the application has users with empty string tokens in the database. The server will respond as if the request was properly authenticated, potentially granting access to protected resources.
Remediation
Upgrade to Flask-HTTPAuth version 4.8.1 or later, and ensure that no user in the database has an empty string token.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.