Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/documentation/modules/auxiliary/admin/http/idsecure_auth_bypass.md
Views: 11788
Vulnerable Application
This module exploits an improper access control vulnerability (CVE-2023-6329) in Control iD iDSecure <= v4.7.43.0. It allows an unauthenticated remote attacker to compute valid credentials and to add a new administrative user to the web interface of the product.
The advisory from Tenable is available here, which lists the affected version 4.7.32.0. According to the Solution section, the vendor has not responded to the contact attempts from Tenable. While creating this MSF module, the latest version available was 4.7.43.0, which was confirmed to be still vulnerable.
Testing
The software can be obtained from the vendor.
Deploy it by following the vendor's documentation.
Successfully tested on
Control iD iDSecure v4.7.43.0 on Windows 10 22H2
Control iD iDSecure v4.7.32.0 on Windows 10 22H2
Verification Steps
Deploy Control iD iDSecure v4.7.43.0
Start
msfconsoleuse auxiliary/admin/http/idsecure_auth_bypassset RHOSTS <IP>runA new administrative user should have been added to the web interface of the product.
Options
NEW_USER
The name of the new administrative user.
NEW_PASSWORD
The password of the new administrative user.
Scenarios
Running the module against Control iD iDSecure v4.7.43.0 should result in an output similar to the following: