[OJSI-65] ONAP Portal allows to retrieve password of currently active user (CVE-2019-12122) - ONAP JIRA

Clone

Clone+

Clone++

XML

Word

Printable

Details

Type: Task
Status: Public disclosure
Priority: Highest
Resolution: Done
Affects Version/s: Casablanca Maintenance Release, Dublin Release, Casablanca
Fix Version/s: El Alto Release
Labels:

OJSI CVE:
CVE-2019-12122
OJSI Impact Description:

Hide

Title: ONAP Portal allows to retrieve password of currently active user

Reporter: Krzysztof Opasiak from Samsung

Products: Portal

Affects: Dublin and earlier

Description:

Krzysztof Opasiak from Samsung reported a vulnerability in Portal. By executing a call to ONAPPORTAL/portalApi/loggedinUser an attacker who posses user's cookie may retrieve user's password from the database. All Portal setups are affected.

Show
Title: ONAP Portal allows to retrieve password of currently active user Reporter: Krzysztof Opasiak from Samsung Products: Portal Affects: Dublin and earlier Description: Krzysztof Opasiak from Samsung reported a vulnerability in Portal. By executing a call to ONAPPORTAL/portalApi/loggedinUser an attacker who posses user's cookie may retrieve user's password from the database. All Portal setups are affected.
OJSI Grant Project Access:
OJSI-PORTAL

Description

ONAP Portal allows to retrieve user password based on SESSION value stored in
Cookie. Call to ONAPPORTAL/portalApi/loggedinUser, which is used to retrieve details
about active user, returns not only email addresses and personal data but also password
in plain text. Command below allows to retrieve password of active user
based on session id.

curl -k -i -H ’Accept: application/json’ -H ’Cookie: SESSION=YWNmM2IwNTZ+ZTkzOH40NTM2fmI1MGZ+YTIxMGY3MWZlMDBi’ -X GET https://<IP addr>:30225/ONAPPORTAL/portalApi/loggedinUser