OctoPrint, Authentication Bypass, CVE-2024-XXXX (Medium)

OctoPrint up to and including v1.10.3 lets an attacker bypass frontend authentication by sending the `X-Preemptive-Recording: yes` HTTP header. Three functions in `octoprint/server/util/__init__.py` are affected: `require_login`, `require_login_with`, and `require_fresh_login_with`. When the header is present, these functions skip the redirect to the login page, so the frontend HTML pages are served without authentication.
Most sensitive data is fetched via authenticated API calls, but some pages (such as the reverse proxy test page) embed data directly in the HTML, for example reverse proxy IPs. The core risk is that future code changes could mistakenly rely on these flawed functions for authentication. The issue was fixed in v1.11.0.

DailyCVE Form

Platform: OctoPrint
Version: <=1.10.3
Vulnerability: Auth bypass
Severity: Medium
Date: 2024-XX-XX

What Undercode Say:

Exploit:

import requests
url = "http://target:5000/control"
headers = {"X-Preemptive-Recording": "yes"}
response = requests.get(url, headers=headers)
print(response.text)  # Bypasses login

Mitigation:

1. Patch: Upgrade to v1.11.0+.

2. WAF Rule: Block requests with `X-Preemptive-Recording` header.

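3. Manual Fix: Modify `__init__.py` to ignore the header:

    from flask import redirect, request

    def require_login():
        # The header must never let a request skip the login redirect
        if "X-Preemptive-Recording" in request.headers:
            return redirect("/login")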

4. Logging: Monitor suspicious headers:

grep "X-Preemptive-Recording" /var/log/octoprint/access.log

5. Network Control: Restrict OctoPrint port (default:5000) to trusted IPs.
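
Mitigations 2 and 3 combined, for installs that cannot be upgraded right away: a WSGI middleware that strips or rejects `X-Preemptive-Recording` before the application sees it. This is an added example, not OctoPrint code; `flawed_frontend` is a simplified stand-in for the vulnerable check, `StripPreemptiveHeader` and `status_of` are hypothetical names, and it assumes no legitimate external client sends this header.

```python
# Added example: toy model of the flawed check plus a header-stripping filter.
HEADER_KEY = "HTTP_X_PREEMPTIVE_RECORDING"  # WSGI name of X-Preemptive-Recording


def flawed_frontend(environ, start_response):
    """Toy model of the bug (not OctoPrint code): no session is ever valid
    here, so every request should be redirected to the login page."""
    if environ.get(HEADER_KEY) == "yes":
        # Vulnerable branch: header present, login redirect skipped.
        start_response("200 OK", [("Content-Type", "text/html")])
        return [b"<html>frontend page</html>"]
    start_response("302 Found", [("Location", "/login")])
    return [b""]


class StripPreemptiveHeader:
    """WSGI middleware that removes the header from incoming requests."""

    def __init__(self, app, reject=False):
        self.app = app
        self.reject = reject  # True: answer 400 instead of silently stripping

    def __call__(self, environ, start_response):
        if HEADER_KEY in environ:
            if self.reject:
                start_response("400 Bad Request", [("Content-Type", "text/plain")])
                return [b"unexpected header\n"]
            environ = dict(environ)  # copy so the caller's environ is untouched
            del environ[HEADER_KEY]
        return self.app(environ, start_response)


def status_of(app, headers=None):
    """Call a WSGI app with a constructed GET /control request; return status."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/control"}
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    seen = []
    body = app(environ, lambda status, hdrs: seen.append(status))
    list(body)  # drain the response body
    return seen[0]


if __name__ == "__main__":
    hdr = {"X-Preemptive-Recording": "yes"}
    print(status_of(flawed_frontend, hdr))                         # unfiltered
    print(status_of(StripPreemptiveHeader(flawed_frontend), hdr))  # filtered
```

WSGI servers normalise header names to upper case, so the single `HTTP_X_PREEMPTIVE_RECORDING` key covers every capitalisation a client might send.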

Analytics:

  • Attack Surface: Low (limited data exposure).
  • Exploit Complexity: Simple (header manipulation).
  • CVE Trend: Rare in OctoPrint; similar flaws in other Python webapps.

Detection:

curl -I http://localhost:5000 -H "X-Preemptive-Recording: yes" | grep 200

References:

Sources:

Reported By: github.com