Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Potential Security Vulnerabilities #18

Open
JarLob opened this issue Jan 26, 2021 · 0 comments
Open

Potential Security Vulnerabilities #18

JarLob opened this issue Jan 26, 2021 · 0 comments

Comments

@JarLob
Copy link

JarLob commented Jan 26, 2021

Summary

QQConnect is vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) that may lead to the elevation of privileges and per-user denial of service (DoS).

Product

QQConnect

Tested Version

Master branch.

Details

Issue 1: XSS (CVE-2018-0784)

The application doesn't have the fix for CVE-2018-0784 that was found in ASP.NET Core templates. It is vulnerable to XSS if the logged-in user is tricked into clicking a malicious link like https://localhost:44315/manage/EnableAuthenticator?AuthenticatorUri=%22%3E%3C/div%3E%00%00%00%00%00%00%00%3Cscript%3Ealert(%22XSS%22)%3C/script%3E and enters an invalid verification code. Mode details are available in the blog post.

Impact

This issue may lead to the elevation of privileges.

Remediation

Modify the code according to the instructions from the advisory.

Issue 2: CSRF (CVE-2018-0785)

The application doesn't have the fix for CVE-2018-0785 that was found in ASP.NET Core templates. It is vulnerable to CSRF. A logged-in user with enabled Second Factor Authentication (2FA) may lose their recovery codes if they are tricked into clicking a link like https://localhost:44315/manage/GenerateRecoveryCodes or visit a malicious site that makes the request without the user's consent. As a result the user may be permanently locked out of their account after loosing access to their 2FA device, as the initial recovery codes would no longer be valid.

Impact

This issue may lead to the per-user DoS.

Remediation

Modify the code according to the instructions from the advisory.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant