PT-2023-25658 · Prolion · Prolion Cryptospike
Published 2023-12-06 · Updated 2024-10-11 · CVE-2023-36655
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ProLion CryptoSpike version 3.0.15P2
Description
The issue concerns the login REST API when LDAP or Active Directory is used as the user store. It allows a remote user whose account has been blocked to log in and obtain an authentication token by submitting the username with a different combination of uppercase and lowercase characters.
Recommendations
For ProLion CryptoSpike version 3.0.15P2, consider temporarily restricting access to the login REST API until a patch is available, or apply configuration changes to enforce case-sensitive username validation to minimize the risk of exploitation.
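The following is an added illustrative example, not ProLion code and not a description of how CryptoSpike is implemented internally. It models the weakness class the advisory describes: a login endpoint backed by a directory that resolves account names case-insensitively (as LDAP/AD do), whose blocked-user check compares the raw string the client submitted. The hardened version resolves the account first and applies the block to the canonical name the directory returns; its strict_case option shows the interim case-sensitive validation the recommendation mentions. FakeDirectory, the account names, passwords and the blocked list are all constructed for the example.

```python
# Added illustrative example, not ProLion's code: models a login REST API
# backed by a case-insensitive directory (LDAP/AD) whose blocked-user check
# compares the raw submitted username, and the hardened form of the same check.
from dataclasses import dataclass
import hmac
import secrets
from typing import Optional


@dataclass(frozen=True)
class DirectoryUser:
    account_name: str   # canonical spelling as stored in the directory
    password: str       # plaintext only because this is a constructed stub


class FakeDirectory:
    """Constructed stand-in for LDAP/AD: account lookup ignores case."""

    def __init__(self, users):
        self._by_folded = {u.account_name.casefold(): u for u in users}

    def lookup(self, username: str) -> Optional[DirectoryUser]:
        return self._by_folded.get(username.casefold())

    def bind(self, user: DirectoryUser, password: str) -> bool:
        return hmac.compare_digest(user.password, password)


def issue_token(account_name: str) -> dict:
    # Stand-in for the API's real token: an opaque random value per login.
    return {"user": account_name, "token": secrets.token_hex(16)}


class LoginApiVulnerable:
    """Blocked-user check keyed by the exact string the client sent."""

    def __init__(self, directory: FakeDirectory, blocked):
        self.directory = directory
        self.blocked = set(blocked)

    def login(self, username: str, password: str) -> Optional[dict]:
        if username in self.blocked:            # "alice" is blocked ...
            return None
        user = self.directory.lookup(username)  # ... but "ALICE" resolves to her
        if user is None or not self.directory.bind(user, password):
            return None
        return issue_token(user.account_name)


class LoginApiFixed:
    """Resolve the account first, then apply the block to the canonical name.

    strict_case=True additionally rejects any login whose submitted username
    is not byte-for-byte the stored spelling (the case-sensitive validation
    the advisory suggests as an interim configuration change).
    """

    def __init__(self, directory: FakeDirectory, blocked, strict_case: bool = False):
        self.directory = directory
        self.blocked = set(blocked)
        self.strict_case = strict_case

    def login(self, username: str, password: str) -> Optional[dict]:
        user = self.directory.lookup(username)
        if user is None:
            return None
        if self.strict_case and username != user.account_name:
            return None
        if user.account_name in self.blocked:   # same identity, any spelling
            return None
        if not self.directory.bind(user, password):
            return None
        return issue_token(user.account_name)


# Constructed sample data.
DIRECTORY = FakeDirectory([
    DirectoryUser("alice", "correct horse"),
    DirectoryUser("bob", "battery staple"),
])
BLOCKED = {"alice"}

VULNERABLE = LoginApiVulnerable(DIRECTORY, BLOCKED)
FIXED = LoginApiFixed(DIRECTORY, BLOCKED)
FIXED_STRICT = LoginApiFixed(DIRECTORY, BLOCKED, strict_case=True)

if __name__ == "__main__":
    print("vulnerable, 'alice':", VULNERABLE.login("alice", "correct horse"))
    print("vulnerable, 'ALICE':", VULNERABLE.login("ALICE", "correct horse"))
    print("fixed, 'ALICE':     ", FIXED.login("ALICE", "correct horse"))
    print("fixed, 'bob':       ", FIXED.login("bob", "battery staple"))
    print("strict, 'Bob':      ", FIXED_STRICT.login("Bob", "battery staple"))
```

Two design points matter here. The hardened check does not fold case locally (casefold or lower) and compare against the list; it compares the name the directory itself returned, because the directory's own matching rules (not the application's) decide which account a string resolves to, and the block list must therefore be keyed by that canonical spelling. Second, the block decision is made before the bind, so a blocked account never reaches the credential check at all.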
Weakness Enumeration
Improper Authentication
Affected Products
Prolion Cryptospike