Main Vulnerability Database Vulnerabilities #VU83292

#VU83292 Improper Authentication in authentik - CVE-2022-23555

Published: November 20, 2023

Vulnerability identifier: #VU83292

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-23555

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
authentik

Software vendor:
Authentik Security Inc

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one provided. A remote attacker can that knows different invitation flows names (e.g. `enrollment-invitation-test` and `enrollment-invitation-admin`) via either different invite links or via brute forcing signup via a single invitation url for any valid invite link received (it can even be a url for a third flow as long as it's a valid invite) as the token used in the `Invitations` section of the Admin interface does NOT change when a different `enrollment flow` is selected via the interface and it is NOT bound to the selected flow, so it will be valid for any flow when used.

Remediation

Install updates from vendor's website.

External links

https://github.com/goauthentik/authentik/security/advisories/GHSA-9qwp-jf7p-vr7h

#VU83292 Improper Authentication in authentik - CVE-2022-23555

Description

Remediation

External links

Please verify you're human