Time-of-check Time-of-use (TOCTOU) Race Condition #2476

Closed
Loginsoft-Research opened this issue Jan 25, 2019 · 0 comments

Describe Your Environment

  • ZoneMinder v1.33.1
  • Installed from - ppa:iconnor/zoneminder-master

Describe the bug
Time-of-check, time-of-use race conditions occur when a resource is checked for a particular value, that value is changed, then the resource is used, based on the assumption that the value is still the same as it was at check time.

To Reproduce
The session remains active for an authenticated user even after the user is deleted from the users table, leading to a Time-of-check Time-of-use (TOCTOU) race condition.
This can allow a non-existing user to access and modify accessible records (add/delete Monitors, Users, etc.).

Affected URL :
http://localhost/zm/index.php (Privileged access)

  • Navigate to the users page, click "Add New User" from the users tab, and assign any privileges.
  • Delete the newly added user.
  • Deleted user can still access the interface & make modifications to the allowed operations.

An attacker can gain access to otherwise unauthorized resources and modify, delete or update application data.

Expected behavior

  • Destroy the user's session once the user's record is deleted from the database.

Debug Logs


None
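
One way to get the expected behavior described in the report, shown as an added example that is not part of the original issue and is not ZoneMinder's code: the account is re-read from the database on every request (time of use) instead of trusting the identity cached in the session at login (time of check). The table layout, the function names `login` and `currentUser`, and the in-memory SQLite database (needs the `pdo_sqlite` extension) are assumptions made for illustration, and password verification is left out.

```php
<?php
// Added example with hypothetical names; not ZoneMinder's code.
// Constructed in-memory table standing in for the application's users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// AUTOINCREMENT keeps a deleted user's id from being reused by a later account.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE)');
$db->exec("INSERT INTO users (username) VALUES ('admin'), ('tempuser')");

// Time of check: login stores the identity in the session.
// (Password verification is omitted to keep the example short.)
function login(PDO $db, array &$session, string $username): bool {
    $stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return false;
    }
    $session = ['user_id' => (int)$id, 'username' => $username];
    return true;
}

// Time of use: every request re-reads the account instead of trusting the
// identity cached at login, and drops the session if the row is gone.
function currentUser(PDO $db, array &$session): ?string {
    if (!isset($session['user_id'], $session['username'])) {
        return null;
    }
    $stmt = $db->prepare('SELECT username FROM users WHERE id = ?');
    $stmt->execute([$session['user_id']]);
    $name = $stmt->fetchColumn();
    if ($name === false || $name !== $session['username']) {
        $session = [];  // in a web request: pass $_SESSION and also call session_destroy()
        return null;
    }
    return $name;
}

$session = [];  // stands in for $_SESSION so the script runs from the CLI
login($db, $session, 'tempuser');
var_dump(currentUser($db, $session));   // account exists: request is served

$db->prepare('DELETE FROM users WHERE username = ?')->execute(['tempuser']);
var_dump(currentUser($db, $session));   // account deleted: request is rejected
var_dump($session);                     // stale session data has been cleared
```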
