
# PoC-CVE-2024-39924

PoC and lab setup for CVE-2024-39924

## Description

An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period.

## Lab Setup

Just build the docker image and run it:

```
# download repo
git clone https://github.com/l4rm4nd/PoC-CVE-2024-39924 && cd PoC-CVE-2024-39924
# build docker image (image names must be lowercase)
docker build -t cve-2024-39924 .
# run docker image
docker run --rm --name CVE-2024-39924 -p 443:80 cve-2024-39924
```

Then browse https://127.0.0.1 and pwn.

## Credentials

Two user accounts were configured within Vaultwarden.

- Susan with the e-mail address susan@wulport.com
- Robert with the e-mail address robert@wulport.com

Susan was configured as emergency contact for Robert. Robert chose an approval time of 90 days, which Susan wants to bypass.

You can log in as Susan with the following creds:

- Username: susan@wulport.com
- Password: Emission-darkened8-tr4itor

## Exploitation

https://www.mgm-sp.com/cve/missing-authentication-check-for-emergency-access

Issue a PUT request to the API endpoint /api/emergency-access/<UUID> and manipulate the…
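An added illustration of the authorization check the Description refers to (not code from this repository or from Vaultwarden): an update to an emergency-access record is accepted only when the caller is the grantor. The types, field names, both functions and the `View` starting level are assumptions made for the example.

```rust
// Added example: hypothetical model, not Vaultwarden's schema or handler code.
#[derive(Debug, Clone, Copy, PartialEq)]
enum AccessType { View, Takeover }

#[derive(Debug, Clone, PartialEq)]
struct EmergencyAccess {
    grantor: String, // vault owner (Robert in the lab)
    grantee: String, // emergency contact (Susan in the lab)
    access_type: AccessType,
    wait_time_days: u32,
}

#[derive(Debug, PartialEq)]
enum UpdateError { Forbidden }

// Flawed pattern: any party to the record, grantee included, may rewrite its terms.
fn update_flawed(rec: &mut EmergencyAccess, caller: &str, access: AccessType, days: u32) -> Result<(), UpdateError> {
    if caller != rec.grantor && caller != rec.grantee {
        return Err(UpdateError::Forbidden);
    }
    rec.access_type = access;
    rec.wait_time_days = days;
    Ok(())
}

// Hardened: only the grantor may change the access level or the wait time.
fn update_checked(rec: &mut EmergencyAccess, caller: &str, access: AccessType, days: u32) -> Result<(), UpdateError> {
    if caller != rec.grantor {
        return Err(UpdateError::Forbidden);
    }
    rec.access_type = access;
    rec.wait_time_days = days;
    Ok(())
}

// Constructed record mirroring the lab: Susan is Robert's contact, 90-day wait.
fn lab_record() -> EmergencyAccess {
    EmergencyAccess {
        grantor: "robert@wulport.com".to_string(),
        grantee: "susan@wulport.com".to_string(),
        access_type: AccessType::View,
        wait_time_days: 90,
    }
}

fn main() {
    let (mut a, mut b) = (lab_record(), lab_record());
    println!("flawed:  {:?}", update_flawed(&mut a, "susan@wulport.com", AccessType::Takeover, 0));
    println!("checked: {:?}", update_checked(&mut b, "susan@wulport.com", AccessType::Takeover, 0));
}
```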
Exploit for CVE-2024-39924

