
CVE-2022-31289: My first CVE-2022-31289 - Praveen Mali - Medium

https://ossindex.sonatype.org/ Sonatype Nexus Repository Manager OSS 3.37.3-02 is affected by: Incorrect Access Control. The impact is: Authentication Bypass (remote). The component is: Admin Panel. The attack vector is: With the help of response manipulation Attacker can bypass the login panel and view the dashboard menus, No user interaction is required.

1. Go to https://nexus.e-goi.com
2. Click on the Sign In button.
3. Enter the password as admin:admin.
4. Intercept the request in Burp Suite.
5. Capture the Response of the Request.
6. Change the Status Code from 403 Forbidden to 200 OK.
7. You will see the dashboard which provides the admin access.


Authentication Bypass on Sonatype Nexus Repository Manager OSS 3.37.3-02

Discovered by: Praveen Mali

Vulnerable Version: OSS 3.37.3-02

Vendor Homepage: https://www.sonatype.com/products/nexus-repository

Hello, my name is Praveen Mali, and in this writeup I am going to share the story of my first CVE ID.

Bug Description:

Authentication bypass on login page via status code manipulation.

Steps to Reproduce:

1. Go to a site where Sonatype Nexus Repository Manager OSS 3.37.3-02 is running and click on the Sign In button.

2. I just entered random false credentials to capture the request in Burp Suite.

3. Right-click on the request and click on Do intercept > Response to this request.

4. In response I saw status code 403 Forbidden.

5. I changed it to 200 OK and forwarded the request.

6. BOOM! I was logged in as admin.
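The steps above change only what the browser receives, so the question for a defender is whether privileged requests are still authorized on the server after that edit. The following Node.js model is an added example, not code from the original writeup or from Nexus Repository Manager; the endpoints, credential store and function names are hypothetical.

```javascript
// Constructed model, not Nexus code: every name and value here is hypothetical.
const { randomBytes } = require("crypto");

const USERS = new Map([["admin", "correct-horse"]]); // constructed credential store
const sessions = new Set();                          // tokens the server has issued

// Server: a session token is issued only for valid credentials.
// (Plain comparison keeps the model short; real code compares password hashes.)
function login(user, pass) {
  if (!USERS.has(user) || USERS.get(user) !== pass) return { status: 403, body: {} };
  const token = randomBytes(16).toString("hex");
  sessions.add(token);
  return { status: 200, body: { token } };
}

// Server, weak form: the privileged endpoint never looks at the session.
function listUsersWeak(_token) {
  return { status: 200, body: [...USERS.keys()] };
}

// Server, hardened form: every privileged request is authorized on the server.
function listUsersHardened(token) {
  if (!sessions.has(token)) return { status: 401, body: [] };
  return { status: 200, body: [...USERS.keys()] };
}

// Client: decides "logged in" purely from the login response status.
function clientSignIn(response) {
  return { showDashboard: response.status === 200, token: response.body.token };
}

// Models an intercepting proxy rewriting the status in transit (403 -> 200).
function tamper(response) {
  return { ...response, status: 200 };
}

// Replays the report against one backend and records what was actually exposed.
function triage(listUsers, pass) {
  const ui = clientSignIn(tamper(login("admin", pass)));
  const api = listUsers(ui.token);
  return { dashboardRendered: ui.showDashboard, dataExposed: api.status === 200 };
}

console.log("weak backend:    ", triage(listUsersWeak, "wrong-password"));
console.log("hardened backend:", triage(listUsersHardened, "wrong-password"));
```

In both runs the client renders the dashboard, but only the backend that skips the per-request session check returns data. Checking which of the two a deployment resembles is what separates a cosmetic UI state change from an access-control failure.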

I requested a CVE ID for this vulnerability from https://cveform.mitre.org, and a few weeks later I received mail that my request was approved; this is how I was assigned CVE-2022-31289.

Special Thanks to my mentors Rohit Gautam sir and Shifa Cyclewala ma’am

Thank you so much for reading 🙏

My LinkedIn ID: https://www.linkedin.com/in/praveen-mali/

My Twitter ID: https://twitter.com/pmmali_
