An authentication and authorization bypass vulnerability exists in Dovestones Software AD Phonebook versions prior to 4.0.0.11. The application exposes an administrative file upload endpoint that can be accessed by unauthenticated remote attackers.
Incorrect Access Control
In Dovestones Software AD Phonebook before version 4.0.0.11, the /ADPhonebook/Admin/UploadLogo endpoint fails to enforce authentication and authorization checks before processing file upload requests. As a result, an unauthenticated attacker can issue a crafted HTTP POST request to this endpoint without a valid session cookie or authentication token and upload or overwrite image files on the server.
This vulnerability demonstrates a failure in backend access control enforcement for administrative functionality.
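The two questions a defender asks on reading this advisory are whether a given install is older than 4.0.0.11 and whether the admin upload endpoint has already been hit without a session. The script below is an added example and is not code from the advisory or from Dovestones; it assumes a space-separated web-server log layout (date, time, client IP, method, URI, status, cookie) and a session cookie named ASP.NET_SessionId, both of which are assumptions to adjust for the real deployment. The sample log lines are constructed.

```python
import re
from typing import Iterable, List, Tuple

# Assumptions (not taken from the advisory): one request per line in the
# layout "date time client method path status cookie", and the application's
# session cookie is named ASP.NET_SessionId.
VULNERABLE_ENDPOINT = "/ADPhonebook/Admin/UploadLogo"
FIXED_VERSION = (4, 0, 0, 11)  # first release with the authorization check
SESSION_COOKIE = "ASP.NET_SessionId"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version string such as '4.0.0.10' into a comparable tuple."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the installed version is older than the fixed release 4.0.0.11."""
    return parse_version(version) < FIXED_VERSION


LOG_LINE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<client>\S+) (?P<method>\S+) "
    r"(?P<path>\S+) (?P<status>\d{3}) (?P<cookie>.*)$"
)


def flag_unauthenticated_uploads(lines: Iterable[str]) -> List[dict]:
    """Return POSTs to the admin upload endpoint that carry no session cookie.

    A request to an administrative endpoint with no session cookie at all is
    the shape the advisory describes. A present cookie does not prove the
    session was valid, so treat this as a first-pass triage filter, not proof
    that every other request was legitimate.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # header/comment lines or lines in another layout
        if m["method"].upper() != "POST":
            continue
        # Compare the path case-insensitively and without the query string,
        # since IIS-style servers treat the route case-insensitively.
        path = m["path"].split("?", 1)[0].lower()
        if path != VULNERABLE_ENDPOINT.lower():
            continue
        cookie = m["cookie"].strip()
        if cookie == "-" or SESSION_COOKIE not in cookie:
            hits.append({
                "client": m["client"],
                "time": f"{m['date']} {m['time']}",
                "status": int(m["status"]),
            })
    return hits


# Constructed sample log (not real traffic): a normal admin session, two
# unauthenticated attempts from one host, and one attempt a patched server
# rejected with 401.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(Cookie)",
    "2024-10-18 09:12:01 192.0.2.10 GET /ADPhonebook/Default.aspx 200 ASP.NET_SessionId=k3v9",
    "2024-10-18 09:15:44 192.0.2.10 POST /ADPhonebook/Admin/UploadLogo 200 ASP.NET_SessionId=k3v9",
    "2024-10-18 09:20:07 203.0.113.5 POST /ADPhonebook/Admin/UploadLogo 200 -",
    "2024-10-18 09:20:09 203.0.113.5 POST /adphonebook/admin/uploadlogo?x=1 200 tracking=abc",
    "2024-10-18 09:21:30 198.51.100.7 POST /ADPhonebook/Admin/UploadLogo 401 -",
]

if __name__ == "__main__":
    print("4.0.0.10 affected:", is_affected("4.0.0.10"))
    for hit in flag_unauthenticated_uploads(SAMPLE_LOG):
        print(hit)
```

Run it against the real access log after swapping in the deployment's log layout and cookie name; a 200 status on a flagged line means the upload was accepted, so the logo files on that server should be compared against a known-good copy.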
- Product: Dovestones Software AD Phonebook
- Versions Affected: All versions prior to 4.0.0.11
- Tested Version: 4.0.0.10
- Fixed Version: 4.0.0.11
- /ADPhonebook/Admin/UploadLogo endpoint (file upload handler)
- Authentication and authorization middleware
Successful exploitation allows unauthorized file upload or modification, which may lead to:
- Overwriting legitimate company logo files
- Content spoofing or visual defacement
- Attack Type: Remote
- Authentication Required: No
- Exploitation Method: Crafted HTTP POST request to the vulnerable endpoint
- Network access to the application’s administrative interface is sufficient
Upgrade to Dovestones Software AD Phonebook version 4.0.0.11 or later, which includes proper authentication and authorization checks for the affected endpoint.
- Discovered by: Fedrick R. Sequeira (Accenture)
- Discovery Date: October 18, 2024
- Vendor Website: http://dovestones.com