Authentication Bypass Vulnerability in Two-Factor Authentication
CVE-2024-10924
Key Information:
- Vendor: WordPress
- CVE Published: 15 November 2024
What is CVE-2024-10924?
CVE-2024-10924 is an authentication bypass vulnerability identified in the Really Simple Security plugins for WordPress, affecting versions 9.0.0 to 9.1.1.1. This vulnerability stems from improper error handling in user checks within the two-factor authentication mechanism. Organizations utilizing these plugins for enhanced security may find themselves exposed, as unauthenticated attackers can potentially log in as any existing user, including administrators, if the two-factor authentication feature is enabled. This undermines the core purpose of the plugin, which is to provide an additional layer of security.
Technical Details
The vulnerability arises from a flaw in the 'check_login_and_get_user' function used by the REST API actions of the two-factor authentication system. Specifically, when the user check fails, the resulting error is not handled correctly, so the login flow does not properly verify that the user was authenticated. The affected plugins include both the free and premium versions, creating a wide-ranging potential impact for WordPress sites that rely on these tools for authentication.
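As an added illustration (not code from the plugin or from the researchers who reported the issue), the PHP sketch below shows the bug class described above: a user check that reports failure by returning a WP_Error, beside a REST callback that either ignores that return value (vulnerable) or fails closed on it (hardened). All functions prefixed example_ are hypothetical; get_user_by(), get_transient(), is_wp_error() and wp_set_auth_cookie() are real WordPress APIs.

```php
<?php
// Added illustration of the bug class the page describes, not the plugin's code.
// Functions prefixed example_ are hypothetical; get_user_by(), get_transient(),
// is_wp_error() and wp_set_auth_cookie() are real WordPress APIs.

// Hypothetical one-time login nonce check: the expected value is a transient
// stored when the first factor succeeded; compare in constant time.
function example_verify_login_nonce( int $user_id, string $login_nonce ): bool {
    $expected = get_transient( 'example_login_nonce_' . $user_id );
    return is_string( $expected ) && hash_equals( $expected, $login_nonce );
}

// Hypothetical user check: returns a WP_User on success, a WP_Error on failure.
function example_check_login_and_get_user( int $user_id, string $login_nonce ) {
    $user = get_user_by( 'id', $user_id );
    if ( ! $user ) {
        return new WP_Error( 'invalid_user', 'Unknown user.' );
    }
    if ( ! example_verify_login_nonce( $user_id, $login_nonce ) ) {
        return new WP_Error( 'invalid_nonce', 'Login nonce is invalid or expired.' );
    }
    return $user;
}

// VULNERABLE pattern: the return value is never inspected, so a WP_Error does
// not stop the flow and the caller-supplied user id is authenticated anyway.
function example_rest_handler_vulnerable( WP_REST_Request $request ) {
    $user_id = (int) $request->get_param( 'user_id' );
    $user    = example_check_login_and_get_user( $user_id, (string) $request->get_param( 'login_nonce' ) );
    wp_set_auth_cookie( $user_id ); // runs even when $user is a WP_Error
    return new WP_REST_Response( array( 'ok' => true ), 200 );
}

// HARDENED pattern: fail closed on WP_Error, and only ever authenticate the
// user object the check returned, never the id taken from the request.
function example_rest_handler_hardened( WP_REST_Request $request ) {
    $user_id = (int) $request->get_param( 'user_id' );
    $user    = example_check_login_and_get_user( $user_id, (string) $request->get_param( 'login_nonce' ) );
    if ( is_wp_error( $user ) || ! ( $user instanceof WP_User ) ) {
        return new WP_REST_Response( array( 'error' => 'authentication_failed' ), 401 );
    }
    wp_set_auth_cookie( $user->ID );
    return new WP_REST_Response( array( 'ok' => true ), 200 );
}
```

When reviewing a plugin for this pattern, every REST route that turns a caller-supplied user id into a session is worth checking for the same missing is_wp_error() test.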
Impact of the Vulnerability
- Unauthorized Access: Attackers can gain access to an organization's WordPress site as any user, including high-privilege accounts like administrators, potentially leading to unauthorized modifications or control over the site.
- Data Breaches: With access to user accounts, attackers can exploit sensitive data, which could result in significant data breaches and compromise user information.
- Increased Risk of Further Exploits: Once inside an organization's systems, attackers may install backdoors or other malicious tools that could lead to further exploitation, facilitating ransomware attacks or additional unauthorized access.
Affected Version(s)
- Really Simple Security – Simple and Performant Security (formerly Really Simple SSL): 9.0.0 to 9.1.1.1 (inclusive)
- Really Simple Security Pro: 9.0.0 to 9.1.1.1 (inclusive)
- Really Simple Security Pro multisite: 9.0.0 to 9.1.1.1 (inclusive)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
- CVE-2024-10924, authentication bypass vulnerability in WordPress
  Vulnerability CVE-2024-10924 in the Really Simple Security plugin allows an attacker to log onto a WordPress site with administrator rights.
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites
  Critical vulnerability (CVE-2024-10924) in Really Simple Security plugin allows attackers admin access to WordPress sites. Over 4 million affected.
- Really Simple Security - CVE-2024-10924
  It’s been almost a year since my last blog post—time really flies! But today, I stumbled upon something that pulled me back to the keyboard: Wordfence just reported a critical vulnerability in the Really Simple Security (Slugs: really-simple-ssl , really-simple-ssl-pro, really-simple-ssl-pro-...
EPSS Score
93% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📈 Vulnerability started trending
- Vulnerability published
- 📰 First article discovered by s3cur1ty.ch
- Vulnerability Reserved