
CVE-2023-1463: Improper Authorization in nilsteampassnet/teampass

CVSS Score: 5.4 (CVSS 3.1)

Basic Information

EPSS Score: 0.05517%
Published: 3/17/2023
Updated: 3/23/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Package Name: nilsteampassnet/teampass
Ecosystem: composer
Vulnerable Versions: < 3.0.0.23
First Patched Version: 3.0.0.23

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stemmed from using user-supplied 'user_id' in logout operations without proper authorization. The patch replaced 'user_id' with a session-based 'token', indicating the original code used insecure user-controlled keys for authorization decisions. The critical change in logout.php shows the system previously trusted the 'user_id' parameter from GET requests, enabling authorization bypass (CWE-639). The affected files (error.php, load.js.php, logout.php) all migrated from user_id-based to token-based session management, confirming the vulnerable pattern.
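The following PHP is an added illustration of the pattern described above and is not Teampass's code: a logout handler that keys the operation on a caller-supplied user_id (the CWE-639 pattern) beside one that takes the identity and token from the server-side session. The table layout, column names and the two sample users are constructed for the demo; the handlers take the request and session as plain arrays so the script runs from the command line with the bundled SQLite driver.

```php
<?php
// Added illustration, not Teampass's code. Schema and sample rows are constructed.
declare(strict_types=1);

// Vulnerable pattern: the account to log out is chosen by the client via the
// query string, so any logged-in user can name an arbitrary user_id and
// invalidate that account's session (integrity/availability impact).
function logoutVulnerable(PDO $db, array $query): void
{
    $userId = (int) ($query['user_id'] ?? 0);          // attacker-controlled key
    $stmt = $db->prepare('UPDATE users SET session_token = NULL WHERE id = :id');
    $stmt->execute([':id' => $userId]);                // acts on whoever the caller named
}

// Hardened pattern: identity and token come from the server-side session only.
// The request must echo the token bound to that session, compared in constant
// time, and the UPDATE is additionally scoped to that token so a stale or
// mismatched session cannot touch another account's row.
function logoutHardened(PDO $db, array $session, array $post): bool
{
    $userId  = $session['user_id'] ?? null;
    $token   = $session['token'] ?? null;
    $echoed  = (string) ($post['token'] ?? '');
    if ($userId === null || $token === null || !hash_equals($token, $echoed)) {
        return false;                                  // refuse: no trusted identity
    }
    $stmt = $db->prepare(
        'UPDATE users SET session_token = NULL WHERE id = :id AND session_token = :tok'
    );
    $stmt->execute([':id' => (int) $userId, ':tok' => $token]);
    return $stmt->rowCount() === 1;
}

// Helper for the demo: read a user's current session token.
function tokenOf(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT session_token FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $value = $stmt->fetchColumn();
    return $value === false || $value === null ? null : (string) $value;
}

function seed(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, session_token TEXT)');
    $db->exec("INSERT INTO users VALUES (1, 'alice', 'tok-alice'), (2, 'bob', 'tok-bob')");
    return $db;
}

// Alice (user 1) is logged in but sends ?user_id=2: the vulnerable handler logs Bob out.
$db = seed();
logoutVulnerable($db, ['user_id' => '2']);
echo "vulnerable: bob's token after alice's request -> ", var_export(tokenOf($db, 2), true), PHP_EOL;

// Same attempt against the hardened handler: Alice's session names Alice, so only
// Alice's row can change, and a wrong echoed token is refused outright.
$db = seed();
$aliceSession = ['user_id' => 1, 'token' => 'tok-alice'];
$refused = logoutHardened($db, $aliceSession, ['token' => 'guess']);
echo "hardened, bad token: ", var_export($refused, true),
     "; bob -> ", var_export(tokenOf($db, 2), true), PHP_EOL;
$ok = logoutHardened($db, $aliceSession, ['token' => 'tok-alice']);
echo "hardened, own logout: ", var_export($ok, true),
     "; alice -> ", var_export(tokenOf($db, 1), true),
     "; bob -> ", var_export(tokenOf($db, 2), true), PHP_EOL;
```

Run with `php logout_demo.php`. The first line shows Bob's token cleared by a request Alice sent; the hardened handler rejects the forged token and, when Alice logs herself out, clears only her own row. A detection-side corollary of the vulnerable pattern: logout requests whose user_id differs from the session owner's id are the signal to alert on.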


WAF Protection Rules

WAF Rule

Improper Authorization in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

Reasoning

The vulnerability stemmed from using user-supplied 'user_id' in logout operations without proper authorization. The patch replaced 'user_id' with a session-based 'token', indicating the original code used insecure user-controlled keys for authorization decisions.