Open secureness opened 1 year ago
If the server is vulnerable to JWT authentication bypass with the none algorithm method, and also if there is a default client id "00000003-0000-0ff1-ce00-000000000000",
then it is easy to find out if this version of SharePoint is vulnerable or not.
Hi @secureness,
Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.
Please keep in mind that the Tsunami Scanner Team will only be able to work on one issue at a time for each participant, so please hold off on the implementation work for any other requests you might have.
Thanks!
Hi @secureness,
I have labeled your other issues as "Contributor queue" for now. We are enforcing the one-review-per-contributor limit more strictly, as we cannot keep up with reviews otherwise. We will review this plugin and then dequeue the other ones progressively. I chose this plugin because it seems to me to be the one that would be the fastest to merge, but let me know if you would prefer to go with the F5 or VMware ones.
If you think I incorrectly labeled one of the issues, please let me know. ~tooryx
@tooryx I already submitted the VMware PR because it was the oldest submission; please check it out here.
I understand, but I also felt that getting the SharePoint one merged would be faster (because it will take us longer to reproduce the VMware one internally). But it is totally up to you. Just let me know which one you would like to prioritize.
Hi, I have a vulnerable version of the SharePoint server and want to implement a Tsunami plugin.
ref: https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/