YunaiV Ruoyi-Vue-Pro Authentication Bypass Vulnerability in JwtAuthenticationTokenFilter

Vulnerability

An authentication bypass vulnerability has been identified in YunaiV Ruoyi-Vue-Pro versions up to 3.8.0. The issue resides in the JwtAuthenticationTokenFilter component, specifically within the doFilterInternal method. The vulnerability allows remote attackers to manipulate the mock-token header, bypassing authentication and potentially leading to unauthorized access and actions within the application. The flaw has been publicly disclosed and exploited.

Impact

Exploitation of this vulnerability allows attackers to bypass authentication entirely, impersonate any user (including administrators), and gain unauthorized access to sensitive data and system functions.

Reproduction

To reproduce this vulnerability, send a request to an authenticated API endpoint while including a mock-token header that starts with 'user_' followed by a user ID. The server will process the header, bypass authentication, and grant access as the specified user.

Remediation

The vulnerability can be addressed by removing the mock-token functionality entirely, or by gating it behind environment-based controls so that it is disabled and cannot be enabled in production environments.
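The following is an added illustration of the second remediation option, written for this page; it is not code from Ruoyi-Vue-Pro. It assumes Spring Boot 3 (jakarta.servlet) with Spring Security, and the class name, the JwtVerifier collaborator, the property behind mockEnabled and the "prod" profile name are all assumptions. The mock-token header is honoured only when mock login is explicitly switched on and the production profile is not active; a mock-token header arriving anywhere else is treated as the attack indicator the Reproduction section describes and is logged and refused rather than silently ignored.

```java
// Added, hypothetical example: not Ruoyi-Vue-Pro's filter. Assumes Spring Boot 3
// (jakarta.servlet) and Spring Security; JwtVerifier and the property name are invented.
import java.io.IOException;
import java.util.List;
import java.util.Optional;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.core.env.Environment;
import org.springframework.core.env.Profiles;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

public class GatedMockTokenFilter extends OncePerRequestFilter {

    /** Hypothetical collaborator that validates a real JWT and yields the user id it carries. */
    public interface JwtVerifier {
        Optional<Long> verify(String bearerToken);
    }

    private static final String MOCK_HEADER = "mock-token";
    private static final String MOCK_PREFIX = "user_";

    private final Environment env;
    private final boolean mockEnabled;   // assumed bound from a property such as app.security.mock-enable=false
    private final JwtVerifier jwtVerifier;

    public GatedMockTokenFilter(Environment env, boolean mockEnabled, JwtVerifier jwtVerifier) {
        this.env = env;
        this.mockEnabled = mockEnabled;
        this.jwtVerifier = jwtVerifier;
    }

    /** Mock login is honoured only when explicitly switched on AND the "prod" profile is not active. */
    private boolean mockAllowed() {
        return mockEnabled && !env.acceptsProfiles(Profiles.of("prod"));
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String mockHeader = request.getHeader(MOCK_HEADER);

        if (mockHeader != null && !mockAllowed()) {
            // Detection: a mock-token header reaching an instance where mock login is off
            // is an attack indicator. Log it (for alerting) and fail closed.
            logger.warn("Rejected mock-token header on " + request.getRequestURI()
                    + " from " + request.getRemoteAddr());
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        Optional<Long> userId;
        if (mockHeader != null) {
            // Only reachable when mockAllowed() is true. The vulnerable pattern the advisory
            // describes is calling mockUserFromHeader() without the gate above.
            userId = mockUserFromHeader(mockHeader);
        } else {
            userId = extractBearer(request).flatMap(jwtVerifier::verify);
        }

        userId.ifPresent(id -> {
            Authentication auth = new UsernamePasswordAuthenticationToken(
                    id, null, List.of(new SimpleGrantedAuthority("ROLE_USER")));
            SecurityContextHolder.getContext().setAuthentication(auth);
        });
        chain.doFilter(request, response);
    }

    /** "user_<id>" -> id; anything else yields empty. */
    static Optional<Long> mockUserFromHeader(String header) {
        if (header == null || !header.startsWith(MOCK_PREFIX)) {
            return Optional.empty();
        }
        try {
            return Optional.of(Long.parseLong(header.substring(MOCK_PREFIX.length())));
        } catch (NumberFormatException e) {
            return Optional.empty();
        }
    }

    private static Optional<String> extractBearer(HttpServletRequest request) {
        String h = request.getHeader("Authorization");
        return (h != null && h.startsWith("Bearer ")) ? Optional.of(h.substring(7)) : Optional.empty();
    }
}
```

The design point is that the gate combines two independent conditions: an explicit opt-in flag that defaults to false, and the active Spring profile. A deployment that accidentally ships with the flag on still refuses mock login under the "prod" profile, and a production host that somehow runs without the profile still refuses it because the flag is off. Rejecting the header rather than ignoring it also produces a log line that a SIEM rule can alert on, which is how a defender would notice the reproduction steps above being attempted.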

Added: May 4, 2026, 12:19 AM
Updated: May 4, 2026, 12:19 AM

Vulnerability Rating

Custom Algorithm

  spread          0.8
  impact          5.0
  exploitability  9.5
  remediation     0.0
  relevance       7.4
  threat          6.4
  urgency         2.9
  incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.