Advisories

EspoCRM 5.7.0 < 5.9.0 - Two-Factor Authentication Bypass via Auth Token Reuse Between Accounts with Identical Passwords

Go Back
severity
high
date
Affecting
  • EspoCRM 5.7.0 < 5.9.0

CWE
  • CWE-303 Incorrect Implementation of Authentication Algorithm
CVSS
8.6
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Credit
Besim ALTINOK, İsmail BOZKURT
Description
EspoCRM 5.7.0 prior to 5.9.0 contains an authentication token reuse vulnerability that allows authenticated attackers to bypass two-factor authentication by exploiting token-to-password-hash mapping in application/Espo/Core/Utils/Authentication/Espo.php. Attackers can obtain an authentication token for a controlled account and replay it against any victim account sharing the same password, since tokens are bound to password hashes rather than unique per-user values, bypassing the victim's 2FA protections.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.
  • Vulnerability Prioritization
    Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
  • Early Warning System
    Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.