CVE-2023-33952 is an authentication bypass in Liferay DXP and Portal that stems from improper validation of the “Remember Me” cookie. The application fails to adequately verify the integrity and source of this cookie, so an attacker can forge a specially crafted cookie payload and bypass the normal login procedure: an HTTP request carrying the malicious cookie is mistakenly authenticated. The flaw exists in the `getCheckedValue` method of the `CookieSupport` class, which does not properly validate the encrypted user identifier within the cookie. Consequently, an attacker can impersonate any user, including administrators. The exploit requires no prior authentication or user interaction, directly targets the session management mechanism, and is remotely exploitable over the network. Successful exploitation grants full access to the victim’s account and associated privileges.
Platform: Liferay DXP
Version: < 7.4.3.102
Vulnerability: Authentication Bypass
Severity: Critical
Date: 2023-06-15
Prediction: Patch Released
What Undercode Say:
`curl -H "Cookie: COOKIE_SUPPORT=true; REMEMBER_ME=forged_payload_here" http://target/`
`grep -r "getCheckedValue" liferay-portal-src/`
`python3 craft_cookie.py -u admin`
How the Exploit Works:
1. Intercept login request.
2. Analyze “Remember Me” cookie.
3. Forge cookie with target user ID.
4. Replace cookie in new request.
5. Gain authenticated session.
Protection from this CVE:
Apply vendor patch.
Upgrade to 7.4.3.102+.
Use Web Application Firewall.
Disable “Remember Me”.
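One way to hunt for use of a forged Remember Me cookie in your own logs, as an added example that is not code from the advisory or from Liferay: it flags cookie-based logins for users who have no record of being issued a Remember Me cookie. The JSON event schema, field names and the 365-day lifetime are assumptions; map them to whatever your access or audit logging records.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical JSON-lines schema (not Liferay's
# native log format). "login_form" = interactive login; "auto_login_cookie" =
# session created from a Remember Me cookie.
SAMPLE_EVENTS = """
{"ts": "2023-06-20T08:00:00", "src_ip": "10.0.0.5", "user": "jdoe", "event": "login_form", "remember_me": true}
{"ts": "2023-06-21T09:00:00", "src_ip": "10.0.0.9", "user": "jdoe", "event": "auto_login_cookie"}
{"ts": "2023-06-21T10:00:00", "src_ip": "10.0.0.7", "user": "admin", "event": "login_form", "remember_me": false}
{"ts": "2023-06-22T03:12:00", "src_ip": "203.0.113.7", "user": "admin", "event": "auto_login_cookie"}
not-json garbage line
{"ts": "2023-06-22T03:15:00", "src_ip": "203.0.113.7", "user": "asmith", "event": "auto_login_cookie"}
"""

COOKIE_LIFETIME = timedelta(days=365)  # assumption: set to your configured max age


def parse_events(text):
    """Return well-formed events in time order; skip lines that are not JSON."""
    events = []
    for line in text.splitlines():
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
        except (ValueError, KeyError, TypeError):
            continue
    return sorted(events, key=lambda e: e["ts"])


def find_suspect_auto_logins(text, lifetime=COOKIE_LIFETIME):
    """Flag cookie logins with no Remember Me issuance for that user in range."""
    issued = {}  # user -> time a Remember Me cookie was last legitimately issued
    suspects = []
    for ev in parse_events(text):
        user, kind = ev.get("user"), ev.get("event")
        if kind == "login_form" and ev.get("remember_me"):
            issued[user] = ev["ts"]
        elif kind == "auto_login_cookie":
            last = issued.get(user)
            if last is None or ev["ts"] - last > lifetime:
                suspects.append((user, ev.get("src_ip"), ev["ts"].isoformat()))
    return suspects


if __name__ == "__main__":
    for user, ip, ts in find_suspect_auto_logins(SAMPLE_EVENTS):
        print(f"review: cookie login as {user} from {ip} at {ts}, no issuance on record")
```

The heuristic only holds if log retention covers the full cookie lifetime; otherwise legitimate long-lived cookies will be flagged.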
Impact:
Complete system compromise.
Data breach.
Privilege escalation.
Unauthorized access.
Sources:
Reported By: nvd.nist.gov

