BE-Hacktive

ESkooly - Broken Authentication


Introduction

Authentication mechanisms are critical to securing any web application. Broken authentication vulnerabilities can lead to unauthorized access and privilege escalation, posing significant security risks. This post delves into the broken authentication findings from the Eskooly security report and explains the associated CVEs, highlighting how these vulnerabilities were discovered and their potential impacts.

Broken Authentication Findings

The security assessment of Eskooly Free Online School Management Software v.3.0 revealed several critical vulnerabilities under the category of "Broken Authentication." These vulnerabilities include issues like weak password policies, lack of multi-factor authentication (MFA), inadequate account lockout mechanisms, and improper handling of user accounts and HTTP response headers.

Key Findings

  1. Brute Force Attack

  • Description:

The system allows unlimited login attempts without locking out the account after several failed attempts, making it vulnerable to brute force attacks.

  • Impact:

An attacker can repeatedly attempt passwords until they find the correct one, leading to unauthorized access.

  • Linked CVE:

  • Example Exploitation:

An attacker can perform a brute-force attack on the login endpoint, trying different password combinations until successful.

  2. Weak Password Policy

  • Description:

The application enforces weak password policies that do not require complex passwords, making it easier for attackers to guess passwords.

  • Impact:

Increases the likelihood of successful brute-force and dictionary attacks.

  • Linked CVE:

  • Example Exploitation:

Registering and logging in with simple passwords like "123456" or "password" allows attackers to easily compromise accounts.

  3. No Account Lockout

  • Description:

The system does not lock accounts after multiple failed login attempts, allowing attackers to persist in brute force attacks.

  • Impact:

Facilitates unauthorized access through persistent password guessing.

  • Linked CVE:

  • Example Exploitation:

An attacker can continually attempt to guess passwords for a user account without being locked out, eventually succeeding.

  4. Use of Single-Factor Authentication

  • Description:

The application relies solely on passwords for authentication, lacking the additional security provided by multi-factor authentication (MFA).

  • Impact:

Single-factor authentication makes it easier for attackers to gain access if passwords are compromised.

  • Example Exploitation:

An attacker who acquires a user's password through phishing or social engineering can log in without needing a second form of verification.

  5. Inadequate Password Update Verification

  • Description:

The system allows password changes without verifying the current password, making it easier for attackers to change user passwords if they gain initial access.

  • Impact:

Facilitates account takeover if attackers can initiate password changes without the current password.

  • Linked CVE:

    • CVE-2024-27715

  • Example Exploitation:

An attacker logged in with a compromised session can change the account password without needing the original password, locking out the legitimate user.
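As an added example (not Eskooly's code and not taken from the report), here is a minimal Python authentication service implementing the controls whose absence findings 1 to 5 describe: a password-strength check at sign-up, a failed-attempt lockout at login, and current-password verification before a password change. The lockout threshold and window are assumed values.

```python
import hashlib, hmac, os, time

MAX_FAILED = 5           # lockout threshold; assumed policy value, not Eskooly's
LOCKOUT_SECONDS = 900    # 15-minute lockout window; assumed

def _hash(pw: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def password_is_strong(pw: str) -> bool:
    """Reject short or single-class passwords such as "123456" or "password"."""
    return (len(pw) >= 12 and any(c.isdigit() for c in pw)
            and any(c.isalpha() for c in pw))

class AuthService:
    def __init__(self):
        self.users = {}  # username -> {salt, hash, failed, locked_until}

    def register(self, user: str, pw: str) -> str:
        if not password_is_strong(pw):
            return "weak_password"
        salt = os.urandom(16)
        self.users[user] = {"salt": salt, "hash": _hash(pw, salt),
                            "failed": 0, "locked_until": 0.0}
        return "ok"

    def login(self, user: str, pw: str, now=None) -> str:
        now = time.time() if now is None else now
        rec = self.users.get(user)
        if rec is None:
            return "invalid"  # same answer as a wrong password: no user enumeration
        if now < rec["locked_until"]:
            return "locked"   # refuse even a correct password until the window ends
        if hmac.compare_digest(rec["hash"], _hash(pw, rec["salt"])):
            rec["failed"] = 0
            return "ok"
        rec["failed"] += 1
        if rec["failed"] >= MAX_FAILED:
            rec["locked_until"] = now + LOCKOUT_SECONDS
            rec["failed"] = 0
        return "invalid"

    def change_password(self, user, current_pw, new_pw, now=None) -> str:
        # Re-verify the current password even inside an authenticated session, so a
        # hijacked session cannot be turned into a permanent account takeover.
        if self.login(user, current_pw, now) != "ok":
            return "current_password_required"
        if not password_is_strong(new_pw):
            return "weak_password"
        rec = self.users[user]
        rec["salt"] = os.urandom(16)
        rec["hash"] = _hash(new_pw, rec["salt"])
        return "ok"
```

Routing the current-password check through `login` also means guesses made via the change-password form count toward the same lockout as the login form.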

Conclusion

The combined impact of these broken authentication vulnerabilities is severe. They allow attackers to:

  • Gain unauthorized access to user and administrative accounts.
  • Escalate privileges within the application.
  • Compromise sensitive user data and application integrity.
  • Perform unauthorized actions, such as modifying or deleting data.
