HybridAuth Improper Certificate Validation Vulnerability in SSL Handler
Vulnerability
A vulnerability exists in HybridAuth versions through 3.12.2, specifically within the SSL Handler component in the file src/HttpClient/Curl.php. The issue arises from the default cURL options, which disable SSL certificate verification. This flaw can lead to man-in-the-middle (MITM) attacks during OAuth or OpenID Connect authentication processes. The vulnerability can be exploited remotely, without authentication, but requires a complex attack strategy.
Impact
Exploitation of this vulnerability allows for improper validation of SSL certificates, potentially leading to man-in-the-middle attacks during authentication processes.
Reproduction
The vulnerability can be reproduced by using HybridAuth in a version prior to 3.12.2 and initiating an authentication flow with a provider that uses the default cURL options. The disabled SSL verification can be confirmed by monitoring the cURL request, which will show that certificate validation is turned off, allowing for a MITM attack.
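To check an installation for the weak setting described above, the following PHP helper (an added example, not HybridAuth's own code) audits a cURL option array for disabled certificate verification and shows the hardened option set beside the weak one. The shape of the option array and the sample values are assumptions; compare them against the defaults in your installed src/HttpClient/Curl.php.

```php
<?php
// Added example, not part of HybridAuth: flag cURL option arrays that
// disable TLS certificate verification, and show the corrected options.
declare(strict_types=1);

/**
 * Return findings for TLS-related cURL options; an empty array means the
 * peer certificate and host name are both verified.
 * Absent keys are treated as cURL's own defaults (verification enabled).
 */
function auditTlsOptions(array $options): array
{
    $findings = [];

    // VERIFYPEER must stay enabled, otherwise any certificate is accepted.
    if (!(bool) ($options[CURLOPT_SSL_VERIFYPEER] ?? true)) {
        $findings[] = 'CURLOPT_SSL_VERIFYPEER disabled: peer certificate not checked';
    }

    // Only VERIFYHOST=2 performs the full host name check; 0 or false
    // skip it entirely, so anything other than 2 is reported.
    if ((int) ($options[CURLOPT_SSL_VERIFYHOST] ?? 2) !== 2) {
        $findings[] = 'CURLOPT_SSL_VERIFYHOST not 2: host name not matched to certificate';
    }

    return $findings;
}

// Constructed sample of the weak configuration the advisory describes.
$weakOptions = [
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => false,
    CURLOPT_FOLLOWLOCATION => true,
];

// Hardened configuration: verify the chain against the system CA bundle
// and require the certificate to match the requested host name.
$hardenedOptions = [
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_FOLLOWLOCATION => true,
];

foreach (['weak' => $weakOptions, 'hardened' => $hardenedOptions] as $label => $opts) {
    $findings = auditTlsOptions($opts);
    printf("%s: %s\n", $label, $findings ? implode('; ', $findings) : 'OK');
}
```

Running the script reports both findings for the weak set and `OK` for the hardened set; the same helper can be pointed at the option array your application actually passes to the HTTP client.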