Improper Access Control

CVE-2024-30173

Severity Medium
Score 6.5/10

Summary

The package causal/oidc, in versions through 2.0.0, is vulnerable to an OpenID Connect (OIDC) authentication bypass. The extension's authentication service does not verify the OpenID Connect authentication state coming from the user lookup chain. Instead, it authenticates every valid frontend user returned by the user lookup chain whose frontend user field "tx_oidc" is not empty. In scenarios where either "ext:felogin" is active or "$GLOBALS['TYPO3_CONF_VARS']['FE']['checkFeUserPid']" is disabled, an attacker can log in to OpenID Connect frontend user accounts by providing a valid username and any password.
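The following is an added, simplified model of the authentication chain the summary describes; it is not the causal/oidc extension's own code. It assumes the TYPO3 authUser return convention (200 or above means authenticated, 100 means undecided so the next service runs, below 100 means failed) and uses a constructed user store with plain SHA-256 in place of TYPO3's salted password hashes; the vulnerable service is shown beside a version that only accepts a record the OIDC lookup itself produced.

```python
# Simplified model (added example, not the causal/oidc extension's own code) of
# the TYPO3 frontend authentication chain described in the advisory.
# Return codes follow the assumed TYPO3 authUser convention:
# >=200 authenticated, 100 undecided (try the next service), <100 failed (stop).
from dataclasses import dataclass
import hashlib
import hmac

AUTH_OK, AUTH_PASS, AUTH_FAIL = 200, 100, 0


@dataclass
class FrontendUser:
    username: str
    password_hash: str   # hex SHA-256 stand-in for TYPO3's salted hashes (constructed)
    tx_oidc: str         # OIDC subject identifier; empty for non-OIDC accounts


@dataclass
class Lookup:
    """What the user lookup chain produced for one login request."""
    user: FrontendUser
    password: str = ""        # submitted via the login form (the felogin path)
    via_oidc: bool = False    # True only when an OIDC callback was verified
    oidc_subject: str = ""    # subject taken from the validated ID token


def make_user(username: str, password: str, tx_oidc: str = "") -> FrontendUser:
    # Constructed test accounts; an OIDC-only account gets no password hash.
    digest = hashlib.sha256(password.encode()).hexdigest() if password else ""
    return FrontendUser(username, digest, tx_oidc)


def oidc_auth_user_vulnerable(lookup: Lookup) -> int:
    # Trusts the tx_oidc field alone: every record with a non-empty tx_oidc is
    # accepted, whether or not an OIDC flow actually happened in this request.
    return AUTH_OK if lookup.user.tx_oidc else AUTH_PASS


def oidc_auth_user_fixed(lookup: Lookup) -> int:
    # Accept only a record the OIDC lookup produced, and only when the verified
    # subject matches the account; otherwise defer to the next service.
    if not lookup.user.tx_oidc or not lookup.via_oidc:
        return AUTH_PASS
    return AUTH_OK if hmac.compare_digest(lookup.oidc_subject, lookup.user.tx_oidc) else AUTH_FAIL


def password_auth_user(lookup: Lookup) -> int:
    # Stand-in for the core password service that runs after the OIDC service.
    digest = hashlib.sha256(lookup.password.encode()).hexdigest()
    return AUTH_OK if hmac.compare_digest(digest, lookup.user.password_hash) else AUTH_FAIL


def run_chain(services, lookup: Lookup) -> bool:
    for service in services:
        code = service(lookup)
        if code >= 200:
            return True
        if code < 100:
            return False
    return False
```

With the vulnerable service first in the chain, a form login against an OIDC-only account succeeds with any password; with the fixed service, the request falls through to the password check and is rejected.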

  • HIGH
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-284 - Improper Access Control

Listed 5th in the 'OWASP Top Ten', improper (or broken) access control is a fundamental class of vulnerability. It covers a broad range of design flaws that let users act outside their intended permissions. An attacker can use those permissions to reach restricted files and functionality, for example to read restricted information, falsify records, destroy data, or execute commands.

Advisory Timeline

  • Published