Overview
In the “Dolibarr” application, versions v3.3.beta1_20121221 to v13.0.2 give admin-level users “Modify” access to change other users’ details, but fail to check whether the new “Login” name already exists when a user’s “Login” is renamed. This leads to complete account takeover of the victim user, because the password is overwritten for the victim user who already holds that login name.
Details
The “Dolibarr” application gives admin-level users “Modify” access to change other users’ details, but does not validate that the new login name is not already in use when a user’s login is renamed. This leads to complete account takeover of the victim user: the password is overwritten for the victim user who already holds the same login name.
PoC Details
For demonstration purposes we will use three users: “admin” (administrator), “test” (low-privileged user) and “ron” (low-privileged user). Log in as admin. Then go to Users and Groups > List of Users. Open the existing user ron > Modify > Save. After that, go back to the list, open test > Modify, and change the Login field from “test” to “ron”.
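The following is a constructed model of the flaw described above, added here as an illustration; it is not Dolibarr’s code or schema. It replays the PoC against a minimal in-memory user table: the vulnerable path renames without a uniqueness check and then saves the password addressed by login, so the victim’s row is overwritten too; the hardened path rejects a colliding login and addresses every write by primary key, and a UNIQUE constraint on the login column is shown as defence in depth.

```python
import sqlite3


def make_db(unique_login: bool = False) -> sqlite3.Connection:
    """Constructed schema (not Dolibarr's): one user table with three users
    from the PoC. unique_login=False reproduces the pre-fix situation where
    nothing stops two rows from sharing the same login."""
    con = sqlite3.connect(":memory:")
    constraint = "UNIQUE" if unique_login else ""
    con.execute(f"CREATE TABLE user (id INTEGER PRIMARY KEY, login TEXT {constraint}, pass_hash TEXT)")
    con.executemany("INSERT INTO user VALUES (?, ?, ?)",
                    [(1, "admin", "h_admin"), (2, "test", "h_test"), (3, "ron", "h_ron")])
    return con


def rename_login_vulnerable(con, user_id: int, new_login: str, new_pass_hash: str) -> None:
    """Models the flaw: rename with no check for an existing login, then save the
    password addressed by the (now ambiguous) login, which also hits the victim's row."""
    con.execute("UPDATE user SET login = ? WHERE id = ?", (new_login, user_id))
    con.execute("UPDATE user SET pass_hash = ? WHERE login = ?", (new_pass_hash, new_login))


def rename_login_fixed(con, user_id: int, new_login: str, new_pass_hash: str) -> None:
    """Hardened: refuse a login already used by a different account, and write
    only by primary key, never by the mutable login column."""
    (clashes,) = con.execute("SELECT COUNT(*) FROM user WHERE login = ? AND id <> ?",
                             (new_login, user_id)).fetchone()
    if clashes:
        raise ValueError(f"login {new_login!r} already exists")
    con.execute("UPDATE user SET login = ?, pass_hash = ? WHERE id = ?",
                (new_login, new_pass_hash, user_id))


def password_of(con, user_id: int) -> str:
    return con.execute("SELECT pass_hash FROM user WHERE id = ?", (user_id,)).fetchone()[0]


def run_scenario(hardened: bool, unique_login: bool = False) -> dict:
    """Replays the PoC: 'test' (id 2) is renamed to 'ron', the login of victim 'ron' (id 3).
    Reports whether the rename was rejected and what the victim's password hash is afterwards."""
    con = make_db(unique_login)
    rename = rename_login_fixed if hardened else rename_login_vulnerable
    rejected = False
    try:
        rename(con, 2, "ron", "h_attacker")
    except (ValueError, sqlite3.IntegrityError):  # app-level check or DB constraint fired
        rejected = True
    rows_named_ron = con.execute("SELECT COUNT(*) FROM user WHERE login = 'ron'").fetchone()[0]
    return {"rejected": rejected, "victim_hash": password_of(con, 3), "rows_named_ron": rows_named_ron}


if __name__ == "__main__":
    print("vulnerable:", run_scenario(hardened=False))
    print("fixed:     ", run_scenario(hardened=True))
```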
Affected Environments
v3.3.beta1_20121221 to v13.0.2
Prevention
Upgrade to version 14.0.0.