Open butt0n-sudo opened 1 month ago
CWE-288: Authentication Bypass Using an Alternate Path or Channel An attacker can bypass Steam's OpenID authentication on installations that have disabled "Normal Login".
The Plogin function in sb-callback.php does not validate if "Normal Login" is enable/disabled. A valid sb_auth JWT (JSON Web Token) can be acquired by supplying a valid username and password, bypassing OpenID only authentication.
Plogin
sb-callback.php
sb_auth
https://github.com/sbpp/sourcebans-pp/blob/62f2ab7a2062127d3ceb5c2c52dcb01b69aab461/web/includes/sb-callback.php#L104
Description
CWE-288: Authentication Bypass Using an Alternate Path or Channel An attacker can bypass Steam's OpenID authentication on installations that have disabled "Normal Login".
Details
The
Ploginfunction insb-callback.phpdoes not validate if "Normal Login" is enable/disabled. A validsb_authJWT (JSON Web Token) can be acquired by supplying a valid username and password, bypassing OpenID only authentication.https://github.com/sbpp/sourcebans-pp/blob/62f2ab7a2062127d3ceb5c2c52dcb01b69aab461/web/includes/sb-callback.php#L104