CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)


OpenCRX version 4.30 and version 5.0-20200717 suffer from an unverified password change vulnerability, an instance of CWE-620. The vulnerability has a CVSSv3 score of 9.1, rated CRITICAL, since it effectively allows anyone who can connect to the OpenCRX server to change the password of the admin-Standard user (or the password of any other user).
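To show the CWE-620 pattern the advisory describes, the following is an added example (not OpenCRX code and not from the advisory): a minimal password-change handler in its unverified form beside a hardened form that only lets the authenticated principal change its own password and requires proof of the current one. The user store, user names and password values are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed user store for the example: username -> {"salt", "hash"}.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}

def new_store() -> dict:
    # Constructed sample accounts; "admin-Standard" mirrors the account named in the advisory.
    return {"admin-Standard": _make_user("old-secret"), "alice": _make_user("alice-pw")}

def verify(user: dict, password: str) -> bool:
    # Constant-time comparison of the derived hash.
    return hmac.compare_digest(_hash(password, user["salt"]), user["hash"])

def change_password_unverified(store: dict, target: str, new_password: str) -> bool:
    """CWE-620 pattern: any caller may set any user's password without proving the old one
    and without any check that the caller is the account owner."""
    user = store[target]
    user["hash"] = _hash(new_password, user["salt"])
    return True

def change_password_verified(store: dict, principal: str, target: str,
                             current_password: str, new_password: str) -> bool:
    """Hardened handler: the caller may only change its own password and must supply the
    current one; a wrong password and an unknown user produce the same result."""
    if principal != target:
        return False
    user = store.get(target)
    if user is None or not verify(user, current_password):
        return False
    user["salt"] = os.urandom(16)          # re-salt on every change
    user["hash"] = _hash(new_password, user["salt"])
    return True
```

A change-password endpoint that behaves like the first function is the condition the advisory scores at 9.1; the second function shows the two checks whose absence defines CWE-620.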


Product description


OpenCRX is an open source customer relationship management (CRM) application from CRIXP Corp, and is used to manage sales and marketing pipelines in a variety of organizations, primarily in European markets. More about OpenCRX can be found at the project's website, as well as its GitHub repo.


Credit


This issue was discovered by senior web application penetration tester Trevor Christiansen. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy.


Exploitation of CVE-2020-7378


While taking the Offensive Security Web Expert (OSWE) certification exam, an intensive, timed, hands-on web application security lab, Trevor went a little bit ...off the beaten path. While the OSWE exam presents intentionally vulnerable web applications that the student is expected to exploit, he ended up discovering a previously unknown vulnerability in the OpenCRX instance installed in the lab. Specifically, Trevor discovered that OpenCRX version 4.3.0 allows a malicious user to reset the password for the ‘admin-Standard’ user without knowledge of the exis ..
