Access Control Vulnerability in Nacos 2.0.3 by Alibaba
CVE-2021-43116

8.8HIGH

Key Information:

Vendor: Alibaba
Status: Nacos
Vendor: CVE Published:; 5 July 2022

What is CVE-2021-43116?

An access control vulnerability in Nacos version 2.0.3 allows attackers to manipulate login processes by capturing and altering authentication packets. When a user enters their username and password on the access prompt page, an attacker can intercept this data. By modifying the returned packets, the attacker can gain unauthorized access and log in as a legitimate user, compromising system security and integrity.

References

https://github.com/alibaba/nacos/issues/7127

https://github.com/alibaba/nacos/issues/7182

http://packetstormsecurity.com/files/171638/Nacos-2.0.3-A...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 5, 2022
Vulnerability Reserved
Nov 1, 2021