KonaKart Storefront Application Cross Site Request Forgery

2014.09.23
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

CVE-2014-5516
===================
"Cross-Site Request Forgery (CSRF) protection bypass" (CWE-352) vulnerability in "KonaKart Storefront Application" Enterprise Java eCommerce product

Vendor
===================
DS Data Systems (UK) Ltd.

Product
===================
"KonaKart is an affordable java based shopping cart software solution for online retailers. Let KonaKart help increase your eCommerce sales."
- source: http://www.konakart.com

"KonaKart is a Java eCommerce system aimed at medium to large online retailers."
- source: https://en.wikipedia.org/wiki/KonaKart

Affected versions
===================
This vulnerability affects versions of KonaKart Storefront Application prior to 7.3.0.0

Patch
===================
The vendor has released a XSRF fix as part of version 7.3.0.0 at http://www.konakart.com/downloads/ver-7-3-0-0-whats-new

Reported by
===================
This issue was reported to the vendor by Christian Schneider (@cschneider4711) following a responsible disclosure process.

Severity
===================
Medium

Description
===================
The existing CSRF protection token was checked for every POST request properly. When modifying the request from POST method to GET method all state-changing actions worked as well, but the CSRF token protection was no longer enforced, allowing CSRF attacks.

Escalation potential
====================
Exploitation demonstration was responsibly provided along with the vulnerability report to the vendor, which changed a victim's mail address (using the CSRF protection bypass) to an attacker-supplied mail address, allowing a successful reset of victim's account password by the attacker.

Timeline
===================
2014-05-02 Vulnerability discovered
2014-05-02 Vulnerability responsibly reported to vendor
2014-05-02 Reply from vendor acknowledging report
2014-??-?? Vendor released patch as part of version 7.3.0.0
2014-09-20 Advisory published via BugTraq

References
===================
http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
http://www.christian-schneider.net/advisories/CVE-2014-5516.txt
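The flaw in the Description, modelled as an added example (not KonaKart's code and not the vendor's 7.3.0.0 fix): a token check gated on the HTTP method beside one gated on the action. The action names, the `csrf_token` parameter and the `Request` class are assumptions made for illustration.

```python
import hmac
import secrets

# Hypothetical action names; the advisory does not list KonaKart's endpoints.
STATE_CHANGING = {"EditCustomerSubmit", "ChangePasswordSubmit"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


class Request:
    """Minimal stand-in for an HTTP request bound to a session (constructed)."""

    def __init__(self, method, action, params, session_token):
        self.method = method
        self.action = action
        self.params = params
        self.session_token = session_token


def token_ok(req):
    # Constant-time comparison of the submitted token with the session's token.
    sent = req.params.get("csrf_token", "")
    return hmac.compare_digest(sent.encode(), req.session_token.encode())


def flawed_guard(req):
    """Pattern described in the advisory: token enforced for POST only."""
    if req.method == "POST" and not token_ok(req):
        return 403
    return 200  # the handler runs, whatever the method was


def hardened_guard(req):
    """Refuse state changes over safe methods, then always check the token."""
    if req.action in STATE_CHANGING:
        if req.method in SAFE_METHODS:
            return 405
        if not token_ok(req):
            return 403
    return 200


def demo():
    """Run three constructed requests through both guards."""
    token = secrets.token_hex(16)
    no_token = {"email": "new@example.test"}
    reqs = [Request("GET", "EditCustomerSubmit", no_token, token),
            Request("POST", "EditCustomerSubmit", no_token, token),
            Request("POST", "EditCustomerSubmit", {"csrf_token": token}, token)]
    return [(g.__name__, [g(r) for r in reqs]) for g in (flawed_guard, hardened_guard)]
```

A regression test for this class of bug replays every state-changing action with each HTTP method the server accepts and without a token, and expects a rejection each time.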



Copyright 2024, cxsecurity.com

 
