Skip to content

Latest commit

 

History

History
20 lines (15 loc) · 942 Bytes

README.md

File metadata and controls

20 lines (15 loc) · 942 Bytes

CVE-2017-7284: Unitrends Force Password Change Without Current Password

Information

Description: Force password change without knowing current password.
Versions Affected: < 9.1.2
Researcher: Dwight Hohnstein (https://twitter.com/djhohnstein)
Disclosure Link: https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2017-7284

Proof-of-Concept Exploit

Description

URL: https://url/api/users/#/?sid=#

The above URL is vulnerable to forceable password changes. You can change the logged in user's password without knowing the current password. This is done by passing the JSON parameter "force" with your request, as seen in the api/includes/users.php file.

Usage/Exploitation

python CVE-2017-7284.py -a AUTHSTRING -u TARGET -P PASSWORD_TO_SET

Screenshot

Alt-text that shows up on hover