Miggo Logo

CVE-2018-17107: tgstation-server cached user logins in legacy server

8.4

CVSS Score
3.1

Basic Information

EPSS Score
0.65865%
CWE
-
Published
6/12/2023
Updated
6/12/2023
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
TGServiceInterfacenuget>= 3.2.1.0, <= 3.2.4.03.2.5.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from improper handling of failed authentication attempts in the WCF communication layer. The critical line in AuthenticationHeaderDecoder.cs returned the existing authPolicy collection (containing cached credentials) instead of a new empty collection when authentication failed. This was explicitly fixed in commit 1812a9c by replacing 'return authPolicy' with 'return new ReadOnlyCollection<IAuthorizationPolicy>(new List<IAuthorizationPolicy>())' to prevent credential reuse. The vulnerability description directly attributes the issue to this cached policy handling during failed logins.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Pl**s* not* t*is **visory is *or * *istori**l pr**xistin* issu* in t** l****y s*rv*r *rom ****. It **s lon* sin** ***n tri****. It is **in* mov** **r* *or visi*ility. T** t*xt **low is *opi** *rom t** ori*in*l issu* #*** # You **n lo*in to t** s*rv*

Reasoning

T** vuln*r**ility st*mm** *rom improp*r **n*lin* o* **il** *ut**nti**tion *tt*mpts in t** W** *ommuni**tion l*y*r. T** *riti**l lin* in `*ut**nti**tion*****r***o**r.*s` r*turn** t** *xistin* *ut*Poli*y *oll**tion (*ont*inin* ****** *r***nti*ls) inst*