{"id":21765,"date":"2023-12-21T14:26:32","date_gmt":"2023-12-21T13:26:32","guid":{"rendered":"https:\/\/herolab.usd.de\/?page_id=21765"},"modified":"2024-01-02T10:45:33","modified_gmt":"2024-01-02T09:45:33","slug":"usd-2022-0051","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2022-0051\/","title":{"rendered":"usd-2022-0051"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.23.1\" _module_preset=\"default\" custom_padding=\"||13px|||\" global_colors_info=\"{}\"]<\/p>\n<h1>usd-2022-0051 | Back-Back-Refresh in CPTO 6.3.8.6<\/h1>\n<h1><\/h1>\n<p><strong>Advisory ID<\/strong>: usd-2022-0051<br \/><strong>Product<\/strong>: Cash Point &amp; Transport Optimizer CPTO<br \/><strong>Affected Version<\/strong>: 6.3.8.6 (#718) 06.07.2021<br \/><strong>Vulnerability Type<\/strong>: CWE 613 - Insufficient Session Expiration<br \/><strong>Security Risk<\/strong>: Low<br \/><strong>Vendor URL<\/strong>: <a>https:\/\/www.sesami.io\/<\/a><br \/><strong>Vendor acknowledged vulnerability<\/strong>: Yes<br \/><strong>Vendor Status<\/strong>: Fixed<br \/><strong>CVE number<\/strong>: CVE-2023-31292<br \/><strong>CVE Link<\/strong>: Pending<\/p>\n<h3>Description<\/h3>\n<p>An attacker can execute a Back-Back-Refresh attack in order to steal the user credentials of a logged out user. The attack is initiated by an attacker, with local access to the victim\u2019s computer, who clicks on the browser's back button after the victim has logged out. 
By clicking the Try Again and Resend buttons on the resulting Document Expired page, the attacker can intercept the cached username and password using the browser\u2019s Web Developer Tools.<\/p>\n<h3>Fix<\/h3>\n<p>Users should update CPTO to its current version.<\/p>\n<h3>References<\/h3>\n<p><a>https:\/\/owasp.org\/www-pdf-archive\/Demystifying_Authentication_Attacks.pdf<\/a><\/p>\n<h3>Timeline<\/h3>\n<ul>\n<li><strong>2022-11-03<\/strong>: Vulnerabilities discovered by Marcus Nilsson.<\/li>\n<li><strong>2022-11-28<\/strong>: The Responsible Disclosure team tries to establish contact with the vendor for the first time.<\/li>\n<li><strong>2023-04-27<\/strong>: CVE IDs are requested and subsequently reserved.<\/li>\n<li><strong>2023-05-12<\/strong>: Trying to establish contact via phone and email has been unsuccessful; usd AG's customer notifies the team that the vulnerabilities should be fixed by autumn.<\/li>\n<li><strong>2023-11-23<\/strong>: Marcus Nilsson got in touch with the vendor; the advisories shall be published without a Proof-of-Concept of the exploits in December.<\/li>\n<li><strong>2022-12-21<\/strong>: Advisory published by usd AG.<\/li>\n<\/ul>\n<h3>Credits<\/h3>\n<p>This security vulnerability was found by Marcus Nilsson of usd AG.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>usd-2022-0051 | Back-Back-Refresh in CPTO 6.3.8.6 Advisory ID: usd-2022-0051Product: Cash Point &amp; Transport Optimizer CPTOAffected Version: 6.3.8.6 (#718) 06.07.2021Vulnerability Type: CWE 613 - Insufficient Session ExpirationSecurity Risk: LowVendor URL: https:\/\/www.sesami.io\/Vendor acknowledged vulnerability: YesVendor Status: FixedCVE number: CVE-2023-31292CVE Link: Pending Description An attacker can execute a Back-Back-Refresh attack in order to steal the user credentials of 
[&hellip;]<\/p>\n","protected":false},"author":114,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-21765","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/21765","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/114"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=21765"}],"version-history":[{"count":4,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/21765\/revisions"}],"predecessor-version":[{"id":21867,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/21765\/revisions\/21867"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=21765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}