CVE-2020-29668

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Sympa	Sympa	*	6.2.58 (including)
Sympa	Sympa	6.2.59-beta1 (including)	6.2.59-beta1 (including)
Sympa	Ubuntu	bionic	*
Sympa	Ubuntu	groovy	*
Sympa	Ubuntu	trusty	*
Sympa	Ubuntu	upstream	*
Sympa	Ubuntu	xenial	*

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020
https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md
https://github.com/sympa-community/sympa/issues/1041
https://github.com/sympa-community/sympa/pull/1044
https://lists.debian.org/debian-lts-announce/2020/12/msg00026.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/
https://www.debian.org/security/2020/dsa-4818

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-29668
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References