Skip to content

Latest commit

 

History

History

CVE-2017-7284

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

CVE-2017-7284: Unitrends Force Password Change Without Current Password

Information

Description: Force password change without knowing current password.
Versions Affected: < 9.1.2
Researcher: Dwight Hohnstein (https://twitter.com/djhohnstein)
Disclosure Link: https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2017-7284

Proof-of-Concept Exploit

Description

URL: https://url/api/users/#/?sid=#

The above URL is vulnerable to forceable password changes. You can change the logged in user's password without knowing the current password. This is done by passing the JSON parameter "force" with your request, as seen in the api/includes/users.php file.

Usage/Exploitation

python CVE-2017-7284.py -a AUTHSTRING -u TARGET -P PASSWORD_TO_SET

Screenshot

Alt-text that shows up on hover