CVE Vulnerability

CVE-2020-8434

Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode it to a client-side cookie for persistent session authentication. By knowing the key and algorithm, an attacker can select any username, encrypt it, base64 encode it, and save it in their browser with the correct JICSLoginCookie cookie format to impersonate any real user in the JICS database without the need for authenticating (or verifying with MFA if implemented).

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://medium.com/@mdavis332/higher-ed-erp-portal-vulnerability-auth-bypass-to-login-any-account-f1aeef438f80 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:jenzabar:internet_campus_solution:*:*:*:*:*:*:*:*
cpe:2.3:a:jenzabar:internet_campus_solution:*:*:*:*:*:*:*:*
cpe:2.3:a:jenzabar:internet_campus_solution:*:*:*:*:*:*:*:*
Information

Published : 2020-05-19 01:15

Updated : 2020-05-27 02:53

NVD link : CVE-2020-8434

Mitre link : CVE-2020-8434

Products Affected
No products.
CWE
CWE-384

Session Fixation