Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.
The vulnerability results from the lack of user identity verification during the password change procedure (CWE-620 — Unverified Password Change). An attacker can construct a properly crafted HTTP POST request and send it directly to the '/public/cgi/Gateway.php' endpoint. The server accepts this request without checking whether the sender knows the current account password or is authorized to perform this operation, resulting in successful password change for the selected user.
An unauthorized attacker can gain full control over any user account in the Janto system by changing its password, leading to unauthorized access to application data and functions. In the case of administrative accounts, the consequences may include complete system takeover.
Janto software should be updated immediately to version r12 or newer. As an additional remedial measure until the update is deployed, network access to the '/public/cgi/Gateway.php' endpoint can be restricted at the firewall or web server level to only trusted sources. Details are available in the manufacturer's references and the INCIBE-CERT statement.
Janto software in versions prior to r12.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L