Richard Dean, CX security advisory, EMEAR, discovered this vulnerability. Blog by Jon Munshaw.
Epignosis eFront contains a vulnerability that could allow an adversary to reset the password of any account of their choosing. eFront is a learning management system platform that allows users to create training courses, post courses and more. An attacker could exploit this vulnerability by predicting a password reset seed to generate the correct password reset for a one-time token.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Epignosis to ensure that this issue is resolved and that an update is available for affected customers.
Vulnerability details
Epignosis eFront LMS password reset authentication bypass vulnerability (TALOS-2020-1221/CVE-2020-28597)
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed, it is possible to generate the correct password reset for a one-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice.
Read the complete vulnerability advisory here for additional information.
Versions tested
Talos tested and confirmed that versions 5.2.17 and 5.2.21 are affected by this vulnerability.
Coverage
The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
Snort Rules: 56832