Critical Apache OfBiz Zero-Day Let Attackers Bypass Authentication

A new vulnerability has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system.

Apache OfBiz is used as a part of the software supply chain in Atlassian’s JIRA, which is predominantly used in several organizations. This vulnerability was a bypass to a previously discovered vulnerability, CVE-2023-49070.

Since the root issue of CVE-2023-49070 was left open, a bypass has been discovered as a workaround for the patch. This new vulnerability has been assigned with CVE-2023-51467, and the severity has been given as 9.8 (Critical).

Apache OfBiz Zero-Day

CVE-2023-49070 was a pre-auth RCE vulnerability due to the presence of XML-RPC, which is no longer maintained. However, the released patch was only with removing XML RPC code from the application, which was open for an authentication bypass.

Test Cases

There were two test cases for exploiting this vulnerability—the first one involved including the requirePasswordChange=Y in the URI with empty USERNAME and PASSWORD parameters. 

Due to the misconfiguration of the login condition block, the application resulted in the checkLogin function returning with a “success,” leading to the authentication bypass.

The second test case was similar to the first one, with slightly changing parameters. The USERNAME and PASSWORD parameters are submitted with invalid values.

However, the checkLogin function flow did not enter into the conditional block, which resulted in the authentication being bypassed.

This vulnerability has a publicly available exploit, which penetration testers and security engineers can use to test if the vulnerability exists on their application.

Furthermore, a complete report about this vulnerability has been published by SonicWall, providing detailed information about the code analysis, exploitation, and other information.

Apache OfBiz has fixed this vulnerability in version 18.12.11 and newer. Users of Apache OfBiz are recommended to upgrade to the latest version of this software to prevent this vulnerability from getting exploited by threat actors.

Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

11 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

12 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

14 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

18 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

19 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

19 hours ago