CVE-2019-14666

Published: 25/09/2019 Updated: 24/08/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

GLPI up to and including 9.4.3 is prone to account takeover through abuse of the ajax/autocompletion.php autocompletion feature. Because of the lack of correct validation, the token generated by the password reset functionality can be recovered, so an authenticated attacker can set an arbitrary password for any user. This vulnerability can be exploited to take control of an admin account. It could also be abused to obtain other sensitive fields such as API keys or password hashes.

Vulnerable Product

glpi-project glpi

Github Repositories

GLPI-943-Account-Takeover

Discovery and original PoC made by Pablo Martinez, just adjusted slightly for python3.

Example

python3 reset.py --url localhost/ --user normal --password normal --email glpi_adm@test.com --newpass test

Software: GLPI
Version: <= 9.4.3
Discovered by: Pablo Martinez (@Xassiz)
Fix: version 9.4.4
Vulnerability: Account takeover (CVE-2019-14666