BioStar 2 is a web-based, open, and integrated security platform that provides comprehensive functionality for access control, time & attendance management, visitor management, and video log maintenance. It encrypts all personal data available and supports both SDKs and web APIs to integrate BioStar 2 with third-party software. In addition, users can control the BioStar 2 platform remotely with the BioStar 2 mobile app and manage a mobile access card that they can use to access sites.

Technical Description:

The BioStar 2 web application has 7 different operator levels. Each role has different privileges: the "Administrator" has full permission to do everything on the web application, while the "User Operator" has limited privileges. Due to missing server-side validation, I identified a way to create a highly privileged user. To exploit this vulnerability, an attacker must be authenticated to the target website and logged in as a "User Operator".

The security risk of the vulnerability is High, with a CVSS (Common Vulnerability Scoring System) score of 8.8. Successful exploitation results in gaining admin privileges, giving the attacker the ability to control the entire system, for example:

- Delete, modify and add any user
- Delete, modify and add any door
- Access all users' information from Active Directory if the system is integrated with AD, and much more.

Proof of Concept (POC):

- From the dashboard click on "Add user"

[Figure: System dashboard]

- Notice that the "User Operator" level can't create an admin account

[Figure: Operator level]

[Figure: Original PUT request when adding a new user]

- Using a proxy interceptor, modify the value of the "id" parameter from 255 to 1 to change the user role

[Figure: Modified PUT request, the value has been changed from 255 to 1]

- Log in to the new account

[Figure: New admin account has been created on BioStar 2]

Exploit using python:

[Figure: Python script that takes a user token to generate a new admin account by sending a PUT request.]

[Figure: Running the script.]

Solution – Fix & Patch:

Suprema recommends using the latest version of BioStar 2; at the time of publishing this blog (2022 Q4) that is v2.9.1.
Title: Creating a new user with admin Privilege (CVE-2023-31923)