Improper Authorization in hdinnovations/unit3d-community-edition


Reported on

Nov 17th 2021


2FA bypass in in chat functions. The "twostep" middleware is not implemented under the vue.php routing.

Proof of Concept

1: Login into account with 2FA. Do not complete the 2FA process.
2: See all chat messages at https://[UNIT3D-URL]/api/chat/messages/1
3: If the CSRF token does not change per request, an attacker can use the logout CSRF token to sign all other malicious POST requests to the chat function


This vulnerability is capable of 2FA bypass in chat functions


'twostep' middleware not implemented

We are processing your report and will contact the hdinnovations/unit3d-community-edition team within 24 hours. 2 years ago
2 years ago


I found this by accident because it looks like the demo site language has been changed to Hungarian and it looks like someone else enabled 2FA on the demo site :/

haxatron modified the report
2 years ago
HDVinnie validated this vulnerability 2 years ago
haxatron has been awarded the disclosure bounty
The fix bounty is now up for grabs
HDVinnie marked this as fixed with commit aed196 2 years ago
HDVinnie has been awarded the fix bounty
This vulnerability will not receive a CVE
vue.php#L23 has been validated
to join this conversation