As many readers know, WordPress is a popular CMS (content management system) that lets us create and manage websites easily. Like any other software, WordPress constantly faces plugin-based exploits. One recently discovered vulnerability, tracked as CVE-2023-2982 and rated critical severity, allows adversaries to bypass login authentication.
The vulnerability exists in miniOrange's Social Login plugin, versions <= 7.6.4.
Note: miniOrange provides a simplified method of authentication via social networks, enabling users to sign up for third-party websites and apps with their existing social media credentials. This eliminates the need to create new accounts and eventually increases your registrations.
The Attack Flow:
Login authentication is a crucial aspect of authentication and access control. It verifies the identity of a user before granting access to protected resources. The credential data is encrypted during the login process, and the data required for login must be decrypted using the secret key at the time of the request.
In vulnerable versions of the plugin, however, the encryption key is hardcoded and exposed, which means adversaries also have access to the key, and the key is not unique per WordPress installation.
This can allow unauthenticated attackers to craft a valid malicious request and log in as any existing user on the site, such as an administrator.
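An added illustration, not code from the plugin or from the original post: it shows why a key shipped identically in every copy gives no protection, next to the corrected design where each installation generates its own random key. HMAC stands in for the plugin's encryption, whose details the post does not give; `Site`, `SHIPPED_KEY` and the example address are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder, not the plugin's real key: a constant shipped in every copy.
SHIPPED_KEY = b"same-bytes-in-every-download"


class Site:
    """Hypothetical login endpoint that trusts any token sealed with its key."""

    def __init__(self, key):
        self.key = key

    def _tag(self, email):
        return hmac.new(self.key, email.encode(), hashlib.sha256).hexdigest()

    def seal(self, email):
        return f"{email}|{self._tag(email)}"

    def login(self, token):
        """Return the e-mail to log in as, or None if the token does not verify."""
        email, _, tag = token.rpartition("|")
        if not email:
            return None
        ok = hmac.compare_digest(tag.encode(), self._tag(email).encode())
        return email if ok else None


def hardcoded_key():
    return SHIPPED_KEY  # vulnerable design: identical on every installation


def per_install_key():
    return secrets.token_bytes(32)  # corrected design: random, generated at install time


def accepted_elsewhere(key_for_install):
    """Seal a token with one copy's key and present it to a different installation."""
    other_copy = Site(key_for_install())
    target = Site(key_for_install())
    return target.login(other_copy.seal("admin@target.example"))


if __name__ == "__main__":
    print("hardcoded key  :", accepted_elsewhere(hardcoded_key))
    print("per-install key:", accepted_elsewhere(per_install_key))
```

With the shared constant, a token sealed anywhere is accepted by the target site; with a per-installation key the same token fails verification.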
Recommendation
Regular Update
Multi Factor Authentication
Thank you for taking the time to read this blog post, and I hope that it has been helpful to you. I'd love to hear your thoughts, so please comment below and let me know your thoughts!