Vulnerability identifier: #VU99654
Vulnerability risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-311
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
LedgerSMB
Web applications /
CRM systems
Vendor: LedgerSMB
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. A remote attacker can trick a user into using an unencrypted connection (HTTP) to obtain the authentication data by capturing network traffic.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
LedgerSMB: 1.8.0 - 1.8.31
External links
http://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d
http://github.com/ledgersmb/ledgersmb/commit/c242f5a2abf4b99b0da205473cbba034f306bfe2
http://ledgersmb.org/cve-2021-3882-sensitive-non-secure-cookie
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.