Summary
It was noted that the password reset functionality of the "RHUB TurboMeeting" application resets passwords to a random 8-digit value instead of allowing users to set a new password of their choice.
Severity
High - This vulnerability severely compromises the security of user accounts, especially the default "admin" user.
Proof of Concept
The boolean-based SQL injection referenced here can be leveraged to retrieve the hash of the admin's recently reset password. Because the underlying plaintext is only an 8-digit value, that hash can be cracked with hashcat in under two seconds, enabling an attacker to authenticate as the admin.
Further Analysis
The password reset functionality should be reconfigured to allow users to set a new password of their choice rather than generating a random 8-character password. Additionally, a strong password policy that requires complex and unique passwords should be enforced. Lastly, multi-factor authentication should be implemented to add a further layer of security before a session is granted to the admin user.
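As an added illustration of the recommended fix (example code written for this note, not the vendor's code or part of the advisory), the following Python sketches a reset flow in which the server issues a high-entropy single-use token and the user then chooses a password under a policy, alongside a measure of how small the 8-digit keyspace is. The policy thresholds, token lifetime, and the dictionary-based storage are assumptions made for the example.

```python
import hashlib
import hmac
import math
import os
import secrets

# Keyspace of the reset scheme the advisory describes: 8 decimal digits.
DIGITS_8_KEYSPACE = 10 ** 8


def entropy_bits(keyspace: int) -> float:
    """Bits of entropy for a value chosen uniformly from `keyspace` values."""
    return math.log2(keyspace)


def password_meets_policy(pw: str, min_len: int = 12) -> bool:
    """Assumed policy for the example: minimum length plus three character classes."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) >= min_len and sum(classes) >= 3


def issue_reset_token(store: dict, username: str, now: float, ttl: int = 900) -> str:
    """Create a single-use reset token; only its hash is kept server-side."""
    token = secrets.token_urlsafe(32)  # ~256 bits, versus ~26.6 bits for 8 digits
    digest = hashlib.sha256(token.encode()).hexdigest()
    store[username] = {"token_hash": digest, "expires": now + ttl}
    return token


def redeem_reset_token(store: dict, users: dict, username: str, token: str,
                       new_password: str, now: float) -> bool:
    """Check expiry and token in constant time, enforce the policy, then store a salted hash."""
    rec = store.get(username)
    if rec is None or now > rec["expires"]:
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, rec["token_hash"]):
        return False
    if not password_meets_policy(new_password):
        return False  # token stays valid so the user can retry with a stronger password
    del store[username]  # single use: a redeemed token cannot be replayed
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
    users[username] = {"salt": salt, "hash": pw_hash}
    return True
```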
Timeline
Date reported: 4/17/2024
Date fixed:
Date disclosed: 7/24/2024