CVE-2023-47312 – Headwind MDM Web panel 5.22.1 – Login Credential Leakage via Audit Entries

Published CVE numbers:

 

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries.

The Audit plugin provides a detailed list of the web panel’s operations. When a configuration is updated, the password that was set is stored in the audit entry and returned without being masked. Because permission control is missing, the Audit plugin may also be accessible to lower-level users.

Exploitation steps

Authentication: Required (low-level user access is enough)

  • Because of CVE-2023-47316, even low-level users can access the Functions tab and the Audit menu item under this tab.

Accessible Audit function
  • Users can retrieve all details belonging to the given log entry by clicking the search icon.

Password property contains a plaintext password to the given configuration
  • Affected API call: /rest/plugins/audit/private/log/search (POST)
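
The masking step that the audit entries described above lack, as an added defensive example (not Headwind MDM code): `mask_secrets` redacts secret-bearing fields before an entry is stored or returned, and `find_unmasked` flags stored entries that still hold a cleartext value. The key-name pattern, the mask string and the sample entry are assumptions constructed for illustration, not the product's actual audit schema.

```python
import json
import re

# Assumption: key names that carry secrets; adjust to the real audit schema.
SENSITIVE_KEY = re.compile(r"passw(or)?d|secret|token", re.IGNORECASE)
MASK = "********"

def mask_secrets(value):
    """Return a deep copy of a parsed JSON value with secret fields masked."""
    if isinstance(value, dict):
        return {
            k: MASK if SENSITIVE_KEY.search(k) and v not in (None, "") else mask_secrets(v)
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [mask_secrets(v) for v in value]
    return value

def find_unmasked(value, path="$"):
    """List JSON paths in a stored audit entry that still hold a cleartext secret."""
    hits = []
    if isinstance(value, dict):
        for k, v in value.items():
            child = f"{path}.{k}"
            if SENSITIVE_KEY.search(k) and isinstance(v, str) and v not in ("", MASK):
                hits.append(child)
            else:
                hits.extend(find_unmasked(v, child))
    elif isinstance(value, list):
        for i, v in enumerate(value):
            hits.extend(find_unmasked(v, f"{path}[{i}]"))
    return hits

# Constructed sample: an audit entry recording a configuration update.
SAMPLE_ENTRY = json.loads("""
{"action": "configuration.update", "login": "admin",
 "payload": {"name": "Kiosk", "password": "S3cret!",
             "applications": [{"pkg": "com.example.app", "apiToken": "abc123"}]}}
""")

if __name__ == "__main__":
    print(find_unmasked(SAMPLE_ENTRY))             # paths that leak before masking
    print(json.dumps(mask_secrets(SAMPLE_ENTRY)))  # what should be stored and returned
```

Masking belongs on the write path so the cleartext never reaches the audit store; entries written before the fix still need to be scrubbed and the exposed passwords rotated.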