[CVE-2017-16631] SapphireIMS: IDOR on password reset

Description

In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the “Account Password Reset” functionality.
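The missing object-level authorization check behind this class of flaw, as an added example that is not SapphireIMS code and not from the researcher. The user store, function names and parameters are all hypothetical, and the sketch models a reset handler that trusts a client-supplied account identifier beside one that binds the request to the authenticated session.

```python
from dataclasses import dataclass

# Constructed sample data: a toy user store, not SapphireIMS's schema.
@dataclass
class User:
    user_id: int
    role: str        # "admin" or "guest"
    password: str    # plaintext only to keep the demo short; store a hash in real code

USERS = {1: User(1, "admin", "admin-secret"), 2: User(2, "guest", "guest-secret")}

class Forbidden(Exception):
    """Raised when the caller may not reset the target account."""

def reset_password_vulnerable(session_user_id, target_user_id, new_password):
    # IDOR: the target account comes straight from the request and is never
    # compared with the authenticated session, so any logged-in user can
    # name any account.
    USERS[target_user_id].password = new_password
    return True

def reset_password_checked(session_user_id, target_user_id, new_password,
                           current_password=None):
    caller = USERS[session_user_id]
    target = USERS.get(target_user_id)
    if target is None:
        # Same error as a denied request, so account ids cannot be probed.
        raise Forbidden("not permitted")
    if caller.user_id == target.user_id:
        # Self-service reset: require proof of the current password.
        if current_password != target.password:
            raise Forbidden("not permitted")
    elif caller.role != "admin":
        # Object-level check: only an admin may touch another account.
        raise Forbidden("not permitted")
    target.password = new_password
    return True
```

The check runs server-side on every reset request and derives the caller from the session, never from a request parameter.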

CVSS 3.0 Base Score

8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

CWE

CWE-732: Incorrect Permission Assignment for Critical Resource

Researcher

Tanoy Bose

POC

Unlisted

Vulnerability Tracker

Disclosure timelines

  • 14 Sept, 2017 - Informed vendor; No response
  • 15 Sept, 2017 - Informed CERT/CC
  • 26 Sept, 2017 - First follow up; No response
  • 30 Oct, 2017 - Second follow up; No response
  • 06 Nov, 2017 - Assigned CVE