CVE-2021-41171

Product

elabFTW - A free and open source electronic lab notebook designed by researchers, for researchers, with usability in mind

Version Affected

elabFTW before 4.1.0

Description

eLabFTW before 4.1.0 allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header.

Technical Details

The technical details and exploitation can be found in the published paper.

Timeline

• 13/07/2021 - Vulnerability reported to the author
• 14/07/2021 - Vulnerability acknowledged by the author
• 26/07/2021 - Requested an update from the author
• 27/07/2021 - The author responded with new auth implementation that still a WIP
• 09/08/2021 - Requested an update from the author about the implementation
• 10/08/2021 - The author responded with the auth implementation branch that can be tested remotely
• 19/08/2021 - Found a bug in the implementation and reported to the author
• 20/08/2021 - The author acknowledged and is working on the fix to a nightly build
• 30/08/2021 - Still able to bypass the implementation and reported to the author
• 01/09/2021 - The author responded with a new fix for the implementation
• 15/09/2021 - Confirmed the fix is solid and not able to be bypassed
• 01/10/2021 - 4.1.0 version released
• 22/10/2021 - CVE-2021-41171 was assigned
• 25/10/2021 - Full disclosure

References

• GHSA-q67h-5pc3-g6jv
• CVE-2021-41171
• EDB-50436