Technostrobe HI-LED-WR120-G2 Authentication Bypass Vulnerability

An authentication bypass vulnerability has been identified in the Technostrobe HI-LED-WR120-G2 obstruction lighting controller, specifically in version 5.5.0.1R6.03.30. The vulnerability arises from client-side authentication enforcement, allowing attackers to manipulate HTTP responses and gain unauthorized access to protected resources. This issue can be exploited remotely without any authentication requirements.

Impact

Exploitation of this vulnerability allows for full authentication bypass, granting unauthorized access to administrative functionalities. In the context of the affected lighting controller, this could lead to improper management of tower obstruction lights, creating potential hazards for aviation safety.

Reproduction

The vulnerability can be reproduced by intercepting the POST response to the '/LoginCB' endpoint using a proxy tool like Burp Suite. After modifying the response to indicate a successful authentication, the full configuration panel or other protected resources can be accessed. Alternatively, some pages can be accessed directly without any authentication checks.

Remediation

It is recommended to move authentication enforcement to the server side, issue signed 'HttpOnly' session cookies at login, and ensure that every protected endpoint independently checks session validity. Additionally, applying a defense-in-depth strategy can help mitigate the risks.