Authentication Bypass Vulnerability in Two-Factor Authentication
CVE-2024-10924
Key Information:
- Vendor: Wordpress
- Status: Vendor
- CVE Published: 15 November 2024
What is CVE-2024-10924?
CVE-2024-10924 is an authentication bypass vulnerability in the Really Simple Security plugins for WordPress, affecting versions 9.0.0 through 9.1.1.1. It stems from improper error handling in the user checks of the two-factor authentication mechanism. When the two-factor authentication feature is enabled, an unauthenticated attacker can log in as any existing user, including administrators, so organizations that deploy these plugins for added security are exposed. This undermines the core purpose of the plugin, which is to provide an additional layer of security.
Technical Details
The vulnerability arises from a flaw in the 'check_login_and_get_user' function used by the REST API actions of the two-factor authentication system: its error handling does not correctly verify that the user is authenticated, and that weakness is what an attacker exploits. Both the free and the premium versions of the plugin are affected, so the potential impact spans a wide range of WordPress sites that rely on these tools for authentication.
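The page gives no code for the flaw, so what follows is an added illustration of the error-handling class it describes (a user check that reports failure through a returned error object, and a REST handler that never tests for it), written for this page rather than taken from the plugin. Only the function name 'check_login_and_get_user' comes from the page; its body, the nonce store, the two handlers and the WordPress stand-ins are assumptions.

```php
<?php
// Illustrative reconstruction of the bug class described above, not the
// plugin's code: the mechanism is an assumption, and stand-ins replace the
// WordPress pieces so the file runs on its own (php error_handling_demo.php).

class WP_Error {   // stand-in for WordPress's WP_Error
    public function __construct(public string $code, public string $message) {}
}
function is_wp_error(mixed $thing): bool { return $thing instanceof WP_Error; }

// Constructed data: a user table and the per-user login nonce the check expects.
$users  = [1 => 'admin', 2 => 'editor'];
$nonces = [1 => 'nonce-a1', 2 => 'nonce-e2'];

// The user check: returns the verified user ID on success, WP_Error otherwise.
function check_login_and_get_user(array $request): int|WP_Error {
    global $users, $nonces;
    $user_id = (int) ($request['user_id'] ?? 0);
    if (!isset($users[$user_id])) {
        return new WP_Error('invalid_user', 'No such user');
    }
    if (($request['login_nonce'] ?? '') !== $nonces[$user_id]) {
        return new WP_Error('invalid_nonce', 'Login nonce mismatch');
    }
    return $user_id;
}

// Vulnerable pattern: the check runs but its result is never inspected, so a
// failed check still falls through to a session for the requested user ID.
function vulnerable_handler(array $request): ?string {
    global $users;
    check_login_and_get_user($request);   // returned error object is discarded
    return $users[(int) ($request['user_id'] ?? 0)] ?? null;   // "logged in"
}

// Hardened pattern: stop on an error, and log in the ID the check verified
// rather than the ID taken straight from the request.
function hardened_handler(array $request): ?string {
    global $users;
    $user = check_login_and_get_user($request);
    if (is_wp_error($user)) {
        return null;   // request rejected
    }
    return $users[$user];
}

// Constructed request: a real user ID paired with a wrong login nonce.
$bad = ['user_id' => 1, 'login_nonce' => 'not-the-right-nonce'];
var_dump(vulnerable_handler($bad));   // vulnerable: session granted despite the failed check
var_dump(hardened_handler($bad));     // hardened: the request is rejected
```

The defensive takeaway is the same regardless of the plugin's exact code: every caller of a check that can return an error object must test for that error before establishing identity, and the identity it establishes must be the value the check verified, not a value copied from the request.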
Impact of the Vulnerability
- Unauthorized Access: Attackers can gain access to an organization's WordPress site as any user, including high-privilege accounts like administrators, potentially leading to unauthorized modifications or control over the site.
- Data Breaches: With access to user accounts, attackers can exploit sensitive data, which could result in significant data breaches and compromise user information.
- Increased Risk of Further Exploits: Once inside an organization's systems, attackers may install backdoors or other malicious tools that could lead to further exploitation, facilitating ransomware attacks or additional unauthorized access.
Affected Version(s)
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL): 9.0.0 through 9.1.1.1
Really Simple Security Pro: 9.0.0 through 9.1.1.1
Really Simple Security Pro multisite: 9.0.0 through 9.1.1.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
CVE-2024-10924, authentication bypass vulnerability in WordPress
Vulnerability CVE-2024-10924 in the Really Simple Security plugin allows an attacker to log onto a WordPress site with administrator rights.
2 months ago
Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites
Critical vulnerability (CVE-2024-10924) in Really Simple Security plugin allows attackers admin access to WordPress sites. Over 4 million affected.
2 months ago
EPSS Score
23% chance of being exploited in the next 30 days.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability started trending
- First article discovered by The Hacker News
- Vulnerability published
- Vulnerability Reserved