Bypass bruteforce protection on login form in elabftw
CVE-2021-41171

5.9MEDIUM

Key Information:

Vendor

Elabftw

Status
Elabftw
Vendor
CVE Published:
22 October 2021

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2021-41171?

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing brute force login protection, as recommended by Owasp with Device Cookies. This mechanism will not impact users and will effectively thwart any brute-force attempts at guessing passwords. The only correct way to address this is to upgrade to version 4.1.0. Adding rate limitation upstream of the eLabFTW service is of course a valid option, with or without upgrading.

Affected Version(s)

elabftw < 4.1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-41171 - Proof of Concept

References

https://github.com/elabftw/elabftw/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/elabftw/elabftw/commit/8e92afeec4c3a68...
x_refsource_MISC
https://github.com/elabftw/elabftw/releases/tag/4.1.0
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.