Security Vulnerability: Cross Site Request Forgery
Security Vulnerability: Cross Site Request Forgery
Description
FusionDirectrory is vulnerable against Cross Site Request Forgery (CSRF) attacks.
Distribution Name and Version
Debian stable Instance at admin.fusiondirectory.org is also affected.
FusionDirectory Version
1.2
PHP version used
7.0.14-2
Origin of php packages
Debian distribution packages.
Steps to Reproduce
- Authenticate with a test account at admin.fusiondirectory.org. Please use a test account, as the password will be reset to a known value.
- Open the attached file CSRF-FusionDirectory.html in the browser.
- Click on the Attack! button.
Expected behavior:
The application checks state changing requests if they are originated from a previously delivered application web page by comparison of a random token parameter. No changes are made.
Actual behavior:
The application accepts the request forged by the attacker page. The password of the attacked user is changed to Password1234! and the address is set to Owned!.
Reproduces how often: 100%.
Additional Information
The URL parameter plug is instance specific, but can easily be brute forced by the attacker.
See the OWASP CSRF Page for further details on this vulnerability.
Activity
changed milestone to %FusionDirectory 1.2.2
By Côme Chilliet on 2018-05-30T08:37:43 (imported from GitLab)
added PJ1802-0188 label
By Côme Chilliet on 2018-05-30T08:42:27 (imported from GitLab)
added Bugs label
By Côme Chilliet on 2018-05-30T08:42:38 (imported from GitLab)
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
By Côme Chilliet on 2018-05-30T08:50:43 (imported from GitLab)
created branch
5840-security-vulnerability-cross-site-request-forgeryBy Côme Chilliet on 2018-06-04T09:10:38 (imported from GitLab)
mentioned in commit d8dbd130
By Côme Chilliet on 2018-06-04T12:42:12 (imported from GitLab)
mentioned in commit 6e31f486
By Côme Chilliet on 2018-06-04T14:43:23 (imported from GitLab)
mentioned in commit d9089973
By Côme Chilliet on 2018-06-04T14:44:30 (imported from GitLab)
mentioned in commit 3b51b48c
By Côme Chilliet on 2018-06-04T14:45:38 (imported from GitLab)
mentioned in commit 1ac4c8b5
By Côme Chilliet on 2018-06-04T15:04:02 (imported from GitLab)
added fixes label
By Côme Chilliet on 2018-06-04T15:05:16 (imported from GitLab)
added packaging label
By Côme Chilliet on 2018-06-05T07:41:04 (imported from GitLab)
mentioned in issue archlinux/archlinux#4 (closed)
By bmortier on 2018-06-05T12:26:10 (imported from GitLab)
added fixes-merged and removed fixes labels
By Côme Chilliet on 2018-06-13T13:39:08 (imported from GitLab)
removed packaging label
By bmortier on 2018-06-25T13:00:37 (imported from GitLab)
added fusiondirectory-core and removed Bugs labels
By bmortier on 2018-06-25T13:00:46 (imported from GitLab)
added Security label
By Côme Chilliet on 2018-06-26T09:35:34 (imported from GitLab)
@pthomas Could you check that this is fixed?
By Côme Chilliet on 2018-06-26T16:30:26 (imported from GitLab)
added To Be Tested label
By Côme Chilliet on 2018-06-26T16:30:26 (imported from GitLab)
removed To Be Tested label
By bmortier on 2018-08-06T16:56:21 (imported from GitLab)
added FSA-0016 label
