Improper Authorization in hdinnovations/unit3d-community-edition
Nov 17th 2021
2FA bypass in in chat functions. The "twostep" middleware is not implemented under the vue.php routing.
Proof of Concept
1: Login into account with 2FA. Do not complete the 2FA process. 2: See all chat messages at https://[UNIT3D-URL]/api/chat/messages/1 3: If the CSRF token does not change per request, an attacker can use the logout CSRF token to sign all other malicious POST requests to the chat function
This vulnerability is capable of 2FA bypass in chat functions