CVE-2020–10965 : Unauthenticated Admin Password Reset
2023-3-24 23:45:43 Author: infosecwriteups.com

Hello folks,

A vulnerability was identified in the default admin account’s Login/ResetAdminPassword function, which allows for unauthenticated password resets, possibly allowing an attacker to obtain unauthorised access to the account.

https://rashahacks.com/content/images/size/w1140/2023/02/passwords-2.png

Description:

The vulnerability allows an attacker to modify the password of the default admin account without any authentication. By accessing Login/ResetAdminPassword, an attacker can provide an email address associated with the admin account, and a password reset link will be sent to that email address. This password reset link does not require any authentication, so an attacker can change the admin password without authenticating.

Impact:

An attacker can gain unauthorized access to the default admin account, which allows them to access sensitive data or perform malicious actions. Depending on the level of access granted to the admin account, an attacker could potentially compromise the entire system and cause significant damage.

Steps to Reproduce:

  1. Access the Login/ResetAdminPassword feature of the default admin account.
  2. Provide an email address.
  3. Wait for the password reset link to be sent to the email address.
  4. Click on the password reset link and reset the password for the default admin account.

Remediation:

Authentication should be required before a password reset is initiated. This can be done by requiring the user to provide a valid username and password or by using multi-factor authentication.
Additionally, it is recommended to change the default admin account's password and to disable or delete the default admin account if it is not required for system administration.
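As an added illustration (not code from this write-up or from the affected product), the following Python models the two designs side by side: a reset endpoint that changes the password with no proof that the caller controls the account, next to a hardened flow that implements the remediation above. The reset link is only ever mailed to the address already on record, the token is stored hashed, single-use and expiring, and completing the reset additionally requires a second factor; a disabled default admin account is simply never eligible for a reset. All names (WeakResetService, HardenedResetService, the sample users and the MFA callback) are constructed for this example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class User:
    username: str
    email: str               # address on record; reset mail goes only here
    password_hash: str
    disabled: bool = False   # e.g. the default admin account, once disabled


@dataclass
class ResetToken:
    username: str
    token_hash: str          # only the hash is stored; the raw token is mailed
    expires_at: float
    used: bool = False


def hash_password(password: str) -> str:
    # Constructed stand-in; real code should use argon2id or bcrypt.
    return hashlib.sha256(password.encode()).hexdigest()


class WeakResetService:
    """Models the flaw: the reset step trusts the caller and changes the
    password with no proof that the caller controls the account."""

    def __init__(self, users: Dict[str, User]):
        self.users = users

    def reset(self, username: str, new_password: str) -> bool:
        self.users[username].password_hash = hash_password(new_password)
        return True


class HardenedResetService:
    """Two-step reset: a single-use, expiring token is mailed to the address
    on record, and the reset is honoured only with that token plus MFA."""

    GENERIC_REPLY = "If the account exists, a reset link has been sent."

    def __init__(self, users: Dict[str, User],
                 mfa_check: Callable[[str, str], bool], ttl: int = 900):
        self.users = users
        self.mfa_check = mfa_check            # hypothetical second-factor verifier
        self.ttl = ttl
        self.tokens: Dict[str, ResetToken] = {}
        self.outbox: List[Tuple[str, str]] = []   # (recipient, raw token)

    def request_reset(self, username: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        user = self.users.get(username)
        # Same reply whether the account is missing or disabled: no enumeration.
        if user is None or user.disabled:
            return self.GENERIC_REPLY
        raw = secrets.token_urlsafe(32)
        self.tokens[username] = ResetToken(
            username, hashlib.sha256(raw.encode()).hexdigest(), now + self.ttl)
        self.outbox.append((user.email, raw))   # never a caller-supplied address
        return self.GENERIC_REPLY

    def complete_reset(self, username: str, raw_token: str, mfa_code: str,
                       new_password: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        user = self.users.get(username)
        rec = self.tokens.get(username)
        if user is None or user.disabled or rec is None:
            return False
        if rec.used or now > rec.expires_at:
            return False
        presented = hashlib.sha256(raw_token.encode()).hexdigest()
        if not hmac.compare_digest(presented, rec.token_hash):   # constant time
            return False
        if not self.mfa_check(username, mfa_code):
            return False
        rec.used = True                      # single use: a replayed link fails
        user.password_hash = hash_password(new_password)
        return True


def demo() -> dict:
    # Constructed sample accounts: the default admin is disabled per the advice above.
    users = {
        "admin": User("admin", "admin@example.test", hash_password("initial"), disabled=True),
        "alice": User("alice", "alice@example.test", hash_password("initial")),
    }
    svc = HardenedResetService(users, mfa_check=lambda u, code: code == "123456")
    svc.request_reset("admin", now=1000.0)          # disabled: no token, no mail
    svc.request_reset("alice", now=1000.0)
    recipient, raw = svc.outbox[-1]
    result = {
        "admin_mailed": any(r == "admin@example.test" for r, _ in svc.outbox),
        "recipient": recipient,
        "bad_token_rejected": svc.complete_reset("alice", "guess", "123456", "n1", now=1001.0),
        "bad_mfa_rejected": svc.complete_reset("alice", raw, "000000", "n2", now=1001.0),
        "reset_ok": svc.complete_reset("alice", raw, "123456", "n3", now=1001.0),
        "replay_rejected": svc.complete_reset("alice", raw, "123456", "n4", now=1002.0),
        "password_changed": users["alice"].password_hash == hash_password("n3"),
    }
    svc.request_reset("alice", now=2000.0)
    _, raw2 = svc.outbox[-1]
    result["expired_rejected"] = svc.complete_reset("alice", raw2, "123456", "n5", now=2901.0)
    # The weak design succeeds for anyone, which is the behaviour the advisory describes.
    result["weak_reset_unauthenticated"] = WeakResetService(users).reset("admin", "pwned")
    return result


if __name__ == "__main__":
    print(demo())
```

The important properties are that the mailed token, not the request, proves control of the account; that the mail address comes from the stored record; that the token cannot be replayed or used after its TTL; and that a disabled default admin account cannot be reset at all, so disabling it (as the remediation suggests) closes the path entirely.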

In conclusion, the flaw enables an attacker to change the system administrator password without any authentication.
By submitting the admin account's linked email address, an attacker may access Login/ResetAdminPassword and obtain a link to reset the admin password.
No login is necessary for this link to reset the password.
Without being verified, a hacker can alter the admin password.

Happy Hacking..


Source: https://infosecwriteups.com/cve-2020-10965-unauthenticated-admin-password-reset-9be6a9731e25?source=rss----7b722bfd1b8d--bug_bounty