id: CVE-2021-27651 info: name: Pega Infinity Authentication bypass author: idealphase severity: critical description: In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. reference: - https://github.com/samwcyo/CVE-2021-27651-PoC/blob/main/RCE.md - https://nvd.nist.gov/vuln/detail/CVE-2021-27651 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-27651 cwe-id: CWE-287,CWE-640 tags: cve,cve2021,pega,auth-bypass requests: - method: GET path: - "{{BaseURL}}/prweb/PRAuth/app/default/" cookie-reuse: true redirects: true max-redirects: 2 matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "Pega Infinity" part: body - type: regex regex: - 'Pega 8\.(?:2\.[1-9]|3\.[0-9]|4\.[0-9]|5\.[0-2])' part: body extractors: - type: regex regex: - 'Pega 8\.(?:2\.[1-9]|3\.[0-9]|4\.[0-9]|5\.[0-2])' part: body