
Security: XAJAX API 'Plogin' can bypass disabled 'Enable Normal Login'

Open butt0n-sudo opened this issue 1 year ago • 0 comments

Description

CWE-288: Authentication Bypass Using an Alternate Path or Channel. An attacker can bypass Steam's OpenID authentication on installations that have disabled "Normal Login".

Details

The Plogin function in sb-callback.php does not check whether "Normal Login" is enabled or disabled. A valid sb_auth JWT (JSON Web Token) can be acquired by supplying a valid username and password, bypassing OpenID-only authentication.

https://github.com/sbpp/sourcebans-pp/blob/62f2ab7a2062127d3ceb5c2c52dcb01b69aab461/web/includes/sb-callback.php#L104
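To show the shape of the defect and of the fix, here is an added illustration in minimal PHP; it is not SourceBans++ code. The config key `enable_normal_login`, the `issueToken()` stand-in for the real sb_auth JWT, the user table, the password and the signing secret are all hypothetical or constructed for this example.

```php
<?php
// Added illustration, not SourceBans++ code. Names below are hypothetical.
declare(strict_types=1);

// Constructed configuration: the admin has disabled "Normal Login",
// intending Steam OpenID to be the only way to obtain an sb_auth token.
$config = ['enable_normal_login' => false];

// Constructed user table with a hashed example password.
$users = ['admin' => password_hash('constructed-example-password', PASSWORD_DEFAULT)];

// Stand-in for the application's JWT issuance: a signed, opaque token is
// enough to show the point. The secret is a placeholder, not a real value.
function issueToken(string $user): string {
    $payload = base64_encode(json_encode(['sub' => $user, 'exp' => time() + 3600]));
    return $payload . '.' . hash_hmac('sha256', $payload, 'PLACEHOLDER_SECRET');
}

// Vulnerable shape, as the report describes it: the XAJAX login handler
// verifies the password and issues a token without consulting the setting,
// so password login remains an alternate channel past OpenID-only auth.
function PloginVulnerable(array $config, array $users, string $user, string $pass): ?string {
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return null;
    }
    return issueToken($user);
}

// Fixed shape: refuse password authentication outright when the setting is
// off, before looking at the credentials, and log the attempt so that
// calls to a disabled channel are visible to the operator.
function PloginFixed(array $config, array $users, string $user, string $pass): ?string {
    if (empty($config['enable_normal_login'])) {
        error_log("Plogin rejected for '$user': normal login is disabled");
        return null;
    }
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return null;
    }
    return issueToken($user);
}

// With normal login disabled and correct credentials, only the fixed
// handler refuses to hand out a token.
$vuln  = PloginVulnerable($config, $users, 'admin', 'constructed-example-password');
$fixed = PloginFixed($config, $users, 'admin', 'constructed-example-password');
echo 'vulnerable handler issued token: ', ($vuln !== null ? 'yes' : 'no'), PHP_EOL;
echo 'fixed handler issued token:      ', ($fixed !== null ? 'yes' : 'no'), PHP_EOL;
```

The same guard belongs on every entry point that can mint a session token, not only the browser form, since the report's point is that the API path was left without the check the UI enforced.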


butt0n-sudo, Sep 04 '24 09:09