CVE-2020-5206
published 2020-01-30CVE-2020-5206: In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if…
PriorityP265critical10CVSS 3.1
AVNACLPRNUINSCCHIHAN
EPSS
1.29%
66.7th percentile
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apereo | opencast | < 7.6 | 7.6 |
| apereo | opencast | — | — |
| opencast | opencast | < 7.6 | 7.6 |
| opencast | opencast | — | — |
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Authentication Bypass For Endpoints With Anonymous Access in Opencast
ghsa·2020-01-30
CVE-2020-5206 [CRITICAL] CWE-285 Authentication Bypass For Endpoints With Anonymous Access in Opencast
Authentication Bypass For Endpoints With Anonymous Access in Opencast
### Impact
Using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access.
This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication.
### Patches
This problem is fixed in Opencast 7.6 and Opencast 8.1
### Workarounds
As a workaround for older, unpatched versions, disabling remember-me cookies in `etc/security/mh_default_org.xml` will mitigate the problem but will obviously also disable th
OSV
Authentication Bypass For Endpoints With Anonymous Access in Opencast
osv·2020-01-30
CVE-2020-5206 [CRITICAL] Authentication Bypass For Endpoints With Anonymous Access in Opencast
Authentication Bypass For Endpoints With Anonymous Access in Opencast
### Impact
Using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access.
This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication.
### Patches
This problem is fixed in Opencast 7.6 and Opencast 8.1
### Workarounds
As a workaround for older, unpatched versions, disabling remember-me cookies in `etc/security/mh_default_org.xml` will mitigate the problem but will obviously also disable th
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/opencast/opencast/commit/b157e1fb3b35991ca7bf59f0730329fbe7ce82e8https://github.com/opencast/opencast/security/advisories/GHSA-vmm6-w4cf-7f3xhttps://github.com/opencast/opencast/commit/b157e1fb3b35991ca7bf59f0730329fbe7ce82e8https://github.com/opencast/opencast/security/advisories/GHSA-vmm6-w4cf-7f3x
2020-01-30
Published