Authorization bypass through user-controlled key in Mk-Auth

#VU49216 Authorization bypass through user-controlled key in Mk-Auth

Published: 2021-01-03 | Updated: 2021-01-04

Vulnerability identifier: #VU49216

Vulnerability risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-3005

CWE-ID: N/A

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Mk-Auth
Server applications / Directory software, identity management

Vendor: Mk-Auth

Description

The vulnerability allows a remote attacker to obtain sensitive information.

The vulnerability exists due to incorrect implementation of access restrictions in central/recibo.php. A remote attacker can obtain sensitive information (e.g., a CPF number) via a modified titulo (aka invoice number).

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Mk-Auth: 1.00 - 19.01

External links
http://mk-auth.com.br/
http://gist.github.com/alacerda/3b925cb333eb839ae808d6f01642aeb3

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in MK-AUTH