La Sostenibilità per TIM

Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci

Ultimi Comunicati Stampa

Redazione ufficio stampa

Leggi gli ultimi comunicati stampa e naviga nell'archivio dell'Ufficio Stampa del Gruppo TIM. Leggi i comunicati

CVE-2022-45168

CVE-2022-45168 – Livebox Collaboration vDesk

Vulnerability Description: Improper Authentication - CWE-287

Software Version: <= v031

NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-45168

CVSSv3: 6.5

Severity: Medium

Credits: Massimiliano Ferraresi, Andrea Carlo Maria Dattola, Luca Borzacchiello, Massimiliano Brolli

The web application allows an authenticated user to generate the backup codes before having checked the TOTP. This allows an attacker to completely bypass the check.

 

Step-by-step instructions and PoC

The application allows a user to set a “Backup Code” to be used during the two-factor authentication (instead of using the TOTP).

Unfortunately, the application allows a user to generate or regenerate the backup codes before checking the TOTP.

 The vulnerability can be exploited in the following way:

1.         logging into the vDesk web application as SAML user;

2.         selecting the “backup code” option;

3.         perform a createbackupcodes request using the session cookie obtained at 2;

4.         use one of the generated backup codes to bypass the two-factor authentication.

Affected Endpoints

•           URL: https://vdesk.[DOMAIN]/login/backup_code

•           URL: https://vdeskbridge.[DOMAIN]/api/v1/vdeskintegration/createbackupcodes

 

Below are the evidences with the vulnerability details and the payloads used.

Payload used to exploit the vulnerability:

Figure 1 - payload

Click To Enlarge

Figure 2 - Detail of the request for generating the backup codes. 

Click To Enlarge

Security Impact

Malicious users can bypass the two-factor authentication.