{"id":16550,"date":"2021-07-07T12:36:44","date_gmt":"2021-07-07T10:36:44","guid":{"rendered":"https:\/\/herolab-usd.formwandler.rocks\/security-advisories\/usd-2018-0014\/"},"modified":"2021-07-19T14:07:53","modified_gmt":"2021-07-19T12:07:53","slug":"usd-2018-0014","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2018-0014\/","title":{"rendered":"usd-2018-0014"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.9.4\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\"][et_pb_row _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_column type=\"4_4\" _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" hover_enabled=\"0\" sticky_enabled=\"0\"]<\/p>\n<h1 class=\"h-custom-headline usd-small-letters h2\"><span>usd-2018-0014 | Lexware Professional 2017\/Version 17.02<\/span><\/h1>\n<p><span><\/span><br \/><strong>Advisory ID<\/strong><span>: usd-2018-0014<\/span><br \/><strong>CVE Number<\/strong><span>: N\/A<\/span><br \/><strong>Affected Product<\/strong><span>: Lexware Professional 2017<\/span><br \/><strong>Affected Version<\/strong><span>: Version 17.02<\/span><br \/><strong>Vulnerability Type<\/strong><span>: Improper Access Control<\/span><br \/><strong>Security Risk<\/strong><span>: Critical<\/span><br \/><strong>Vendor URL<\/strong><span>: <\/span><a href=\"https:\/\/shop.lexware.de\/reisekosten-abrechnung\" target=\"_blank\" rel=\"noopener\">https:\/\/shop.lexware.de\/reisekosten-abrechnung<\/a><br \/><strong>Vendor Status<\/strong><span>: Fixed<\/span><\/p>\n<h3><\/h3>\n<h3>Description<\/h3>\n<p>Access control enforces policy such that users cannot act outside of their intended permissions. 
Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of the user.<\/p>\n<p>The default database credentials (Advisory-ID: usd20180013) also provide the possibility to read and manipulate sensitive data stored in the database. The most sensitive of this data, and plausibly the one with the greatest potential for lateral movement, is the ability to read the user IDs and encrypted passwords of all registered users, including that of the Supervisor. Furthermore, the database grants access to individual users by user ID and encrypted password. Thus, with knowledge of a user ID and the associated encrypted password, further connections to the database can be established.<\/p>\n<p>The vulnerability, in all its simplicity, can be stated as the ability to obtain the encrypted passwords of all users and use them to gain further access to the database.<\/p>\n<p><span><\/span><\/p>\n<h3>Proof of Concept (PoC)<\/h3>\n<p><span>Screenshot attached to the advisory, showing the obtained user credentials.<\/span><\/p>\n<p>[\/et_pb_text][et_pb_image src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2021\/07\/lexware_default_database_creds_screenshot.png\" _builder_version=\"4.9.4\" _module_preset=\"default\" title_text=\"lexware_default_database_creds_screenshot\" hover_enabled=\"0\" sticky_enabled=\"0\"][\/et_pb_image][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" hover_enabled=\"0\" sticky_enabled=\"0\"]<\/p>\n<div class=\"e16902-22 x-container max width\">\n<div class=\"e16902-23 x-column x-sm x-1-1\">\n<h3>Fix<\/h3>\n<p>https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Access_Control_Cheat_Sheet.html<\/p>\n<h3><\/h3>\n<h3>Credits<\/h3>\n<p><span>This security vulnerability was found by Sebastian Puttkammer of usd 
AG.<\/span><\/p>\n<\/div>\n<\/div>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>usd-2018-0014 | Lexware Professional 2017\/Version 17.02 Advisory ID: usd-2018-0014CVE Number: N\/AAffected Product: Lexware Professional 2017Affected Version: Version 17.02Vulnerability Type: Improper Access ControlSecurity Risk: CriticalVendor URL: https:\/\/shop.lexware.de\/reisekosten-abrechnungVendor Status: Fixed Description Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-16550","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16550","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=16550"}],"version-history":[{"count":0,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16550\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=16550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}