Authentication Bypass For Endpoints With Anonymous Access in OpenCast
CVE-2020-5206

8.7HIGH

Key Information:

Vendor: Opencast
Status: Opencast
Vendor: CVE Published:; 30 January 2020

Summary

In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1

Affected Version(s)

opencast < 7.6 < 7.6

opencast >= 8.0, < 8.1 < 8.0, 8.1

References

https://github.com/opencast/opencast/security/advisories/...

x_refsource_CONFIRM

https://github.com/opencast/opencast/commit/b157e1fb3b359...

x_refsource_MISC

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 30, 2020
Vulnerability Reserved
Jan 2, 2020