OpenBMB XAgent WebSocket Endpoint Authorization Bypass Vulnerability in Version 1.0.0

Vulnerability

An authorization bypass vulnerability has been identified in OpenBMB XAgent version 1.0.0, specifically within the WebSocket endpoint replay server. The issue arises in the 'on_connect' and 'send_data' functions of 'replayer.py', where the 'interaction_id' parameter is not properly validated. This flaw allows any authenticated user to access and replay another user's interaction history, extracting sensitive third-party API keys that are stored in plaintext. The vulnerability can be exploited remotely, and while the exploitation process is complex, a public proof-of-concept is available.

Impact

Exploitation of this vulnerability leads to unauthorized access to another user's interaction history, including sensitive API keys, creating a cross-user credential theft scenario.

Reproduction

To reproduce this vulnerability, deploy OpenBMB XAgent 1.0.0 using Docker. Once the application is running, an authenticated user can connect to the '/ws/replay/{interaction_id}' endpoint, which performs no ownership verification, and request a replay of a victim's interaction. The server then streams all raw data, including unmasked API keys.
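The ownership check the advisory describes as missing, together with masking of secret fields before replay, shown as an added example that is not XAgent's code. The record layout, the names `Interaction`, `replay_frames` and `mask`, and the secret-field naming pattern are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Hypothetical record layout; XAgent's real schema is not shown on the page.
@dataclass
class Interaction:
    interaction_id: str
    owner_id: str  # user who created the interaction
    frames: list = field(default_factory=list)  # raw stored replay frames

class ReplayDenied(Exception):
    """Raised when the caller may not replay the requested interaction."""

# Assumed naming convention for secret-bearing fields in stored frames.
SECRET_KEY_RE = re.compile(r"api[_-]?key|token|secret|password", re.I)

def mask(value):
    """Return a copy of value with anything under a secret-looking key masked."""
    if isinstance(value, dict):
        return {k: "***MASKED***" if SECRET_KEY_RE.search(str(k)) else mask(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [mask(v) for v in value]
    return value

def replay_frames(store, session_user_id, interaction_id):
    """Return masked frames only if the session user owns the interaction.

    session_user_id must come from the authenticated session on the server,
    never from a value the client supplies alongside interaction_id.
    """
    record = store.get(interaction_id)
    # Same error for "missing" and "not yours", so the response does not
    # reveal which interaction IDs exist.
    if record is None or record.owner_id != session_user_id:
        raise ReplayDenied("interaction not found")
    return [mask(frame) for frame in record.frames]

# Constructed sample data, not taken from a real deployment.
STORE = {
    "int-alice-1": Interaction("int-alice-1", "alice", [
        {"type": "init", "config": {"openai_api_key": "sk-CONSTRUCTED-EXAMPLE", "model": "gpt-4"}},
        {"type": "tool_call", "args": [{"name": "search", "token": "tok-CONSTRUCTED"}]},
    ]),
}

if __name__ == "__main__":
    print(replay_frames(STORE, "alice", "int-alice-1"))
```

The check runs before any frame is sent, and masking is applied to a copy so the stored record is unchanged.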

Added: Mar 27, 2026, 4:21 PM
Updated: Mar 27, 2026, 4:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 4.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.