PT-2017-12588 · Slims · Slims

Trichimtrich · Published 2017-08-06 · Updated 2020-06-16 · CVE-2017-12584
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SLiMS versions 8 Akasia through 8.3.1

Description
The issue allows a remote attacker to take over an account completely by tricking a logged-in user into changing their password to an attacker-controlled value. Two weaknesses combine: the profile update has no CSRF mitigation (no per-session token; the request is accepted on the strength of the session cookie alone), and the profile, including the password, can be updated without supplying the current password. The affected inputs are the passwd1 and passwd2 fields handled by the admin/modules/system/app_user.php endpoint when changecurrent=true, the path a user takes to edit their own profile. The attack requires user interaction (UI:R in the CVSS vector): the victim must be authenticated to the SLiMS admin interface and visit an attacker-controlled page that submits the forged request through the victim's browser.

Recommendations
For SLiMS versions 8 Akasia through 8.3.1, add CSRF mitigation to the profile update (a secret, per-session token embedded in the form and verified on every state-changing POST) and require the current password whenever the profile, including the password, is updated. As a temporary workaround, restrict access to the admin/modules/system/app_user.php endpoint, especially when changecurrent=true. Note that an IP or network restriction alone does not stop this attack, because the forged request is sent by the victim's own browser from wherever the victim is allowed to log in; setting the session cookie with SameSite=Lax or Strict and rejecting POSTs whose Origin header is not the SLiMS site are more effective stopgaps until the code is fixed.
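The two weaknesses in the description and the two checks the recommendation asks for, modelled side by side. This is an added example for this page, not SLiMS code (SLiMS itself is PHP); the handler names, the `users`/`session` dictionaries, the field name `current_password` and the sample account are assumptions chosen to mirror the described endpoint. `vulnerable_change_password` behaves as the advisory describes app_user.php with changecurrent=true; `hardened_change_password` adds a session-bound CSRF token and current-password re-authentication.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # PBKDF2 rounds; enough for the demonstration, tune for production


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as hex(salt)$hex(digest)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def make_users():
    # Constructed user table standing in for the SLiMS database (assumed names).
    return {"librarian": {"password_hash": hash_password("correct horse")}}


def issue_csrf_token(session):
    # A fresh random token bound to the server-side session; the rendered form embeds it.
    session["csrf_token"] = secrets.token_hex(32)
    return session["csrf_token"]


def vulnerable_change_password(users, session, form):
    # Models the reported behaviour of app_user.php with changecurrent=true:
    # any POST that arrives with the victim's session cookie may set passwd1/passwd2,
    # with no token and no proof that the submitter knows the current password.
    if not form.get("passwd1") or form.get("passwd1") != form.get("passwd2"):
        return "mismatch"
    users[session["uid"]]["password_hash"] = hash_password(form["passwd1"])
    return "changed"


def hardened_change_password(users, session, form):
    # 1. CSRF: the request must carry the token stored in this session (constant-time compare).
    expected = session.get("csrf_token", "")
    if not expected or not hmac.compare_digest(form.get("csrf_token", ""), expected):
        return "csrf-rejected"
    # 2. Re-authentication: the current password must be supplied and correct.
    current = users[session["uid"]]["password_hash"]
    if not verify_password(form.get("current_password", ""), current):
        return "current-password-rejected"
    # 3. Only now the ordinary confirmation check and the update.
    if not form.get("passwd1") or form.get("passwd1") != form.get("passwd2"):
        return "mismatch"
    users[session["uid"]]["password_hash"] = hash_password(form["passwd1"])
    issue_csrf_token(session)  # rotate so a captured token is single-use
    return "changed"


def cross_site_request():
    # Constructed: what a hidden auto-submitting form on an attacker page can send.
    # The browser attaches the victim's cookie, but the attacker can read neither the
    # session-bound token nor the victim's current password, so both are absent.
    return {"passwd1": "attacker-chosen", "passwd2": "attacker-chosen"}


def simulate_csrf(handler):
    """Run the forged request against a handler; report its verdict and whether the
    attacker's password now works for the victim's account."""
    users = make_users()
    session = {"uid": "librarian"}
    issue_csrf_token(session)
    verdict = handler(users, session, cross_site_request())
    takeover = verify_password("attacker-chosen", users["librarian"]["password_hash"])
    return verdict, takeover


def legitimate_change():
    """The genuine user, with the token from the rendered form and their current password."""
    users = make_users()
    session = {"uid": "librarian"}
    token = issue_csrf_token(session)
    form = {"csrf_token": token, "current_password": "correct horse",
            "passwd1": "new pass", "passwd2": "new pass"}
    verdict = hardened_change_password(users, session, form)
    return (verdict,
            verify_password("new pass", users["librarian"]["password_hash"]),
            session["csrf_token"] != token)


if __name__ == "__main__":
    print(simulate_csrf(vulnerable_change_password))  # ('changed', True)
    print(simulate_csrf(hardened_change_password))    # ('csrf-rejected', False)
    print(legitimate_change())                        # ('changed', True, True)
```

The order of the checks in the hardened handler matters: the token is verified before anything else so that a forged request learns nothing about the account, and the current password is verified before the new one is accepted so that a stolen session cookie alone is not enough to lock the owner out. Restricting access to the endpoint by network, by contrast, would not change the first simulation, since the victim's browser sends the request from an allowed location.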

Exploit · Fix · CSRF


Weakness Enumeration: CSRF
Related Identifiers: CVE-2017-12584
Affected Products: Slims