Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon a predictable value when generating a password reset token. An attacker can leverage this vulnerability to bypass authentication on the application. Was ZDI-CAN-27104.
The flaw lies in the calculateTokenExpDate function responsible for generating password reset tokens. The application relies on a predictable value when creating the token, which means an attacker is able to guess or calculate the correct token in advance. By using the generated token, an attacker can bypass the authentication mechanism and obtain unauthorized access to the application. No user interaction or prior authentication is required to conduct the attack.
An attacker can completely bypass authentication in the Allegra application, which consequently threatens complete account takeover — including administrative accounts — and compromises the confidentiality, integrity, and availability of data processed by the system.
Allegra should be updated to version 8.1.4 or 7.5.2, in which the vendor has provided a patch according to the published release notes. Detailed information is available at: https://alltena.com/en/resources/release-notes/release-notes-for-release-8-1-4-and-release-7-5-2
Alltena Allegra installations in versions prior to 8.1.4 and prior to 7.5.2, according to the vendor's information contained in the references.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAlltena Allegra
APPAlltena7.0.0 – 7.5.2.70 (bez)8.0.0 – 8.1.24 (bez)
Related vulnerabilities
Allegra: path traversal w downloadExportedChart umożliwia ominięcie uwierzytelnienia
Allegra: pominięcie uwierzytelnienia przez zakodowane hasło w bazie danych
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows ...
Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows re...
Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allow...