Authorization Token Never Expires in answerdev/answer
Reported on
Feb 24th 2023
Description
The vulnerability concerns the Authorization header that carries the user's login token. After the user logs out, the token in the Authorization header is not invalidated and continues to be accepted. In addition, the token has an excessively long lifetime of 10 hours, as confirmed by a request.
This allows an attacker who obtains the token to use it for unauthorized access to the application or system even after the user has logged out, leading to potential data breaches, unauthorized modification or deletion of sensitive data, or other malicious activity.
Proof of Concept
curl -i -s -k -X $'POST' \
  -H $'Host: 192.168.0.8:9080' -H $'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0' \
  -H $'Accept: */*' -H $'Accept-Language: en_US' -H $'Accept-Encoding: gzip, deflate' -H $'Authorization: 79529c05-b3ec-11ed-8492-0242ac110002' \
  -H $'Content-Type: application/json' -H $'Content-Length: 78' -H $'Origin: http://192.168.0.8:9080' -H $'Connection: close' -H $'Referer: http://192.168.0.8:9080/admin/users' -H $'X-PwnFox-Color: blue' \
  --data-binary $'{"display_name":"mailtest","email":"mailtest@gmail.com","password":"Passowrd"}' \
  $'http://192.168.0.8:9080/answer/admin/api/user'
Impact
The "Authorization Token Never Expires" vulnerability can have a significant impact on the security of an application or system protected by such a token. Its main consequence is that anyone who obtains the token, whether the legitimate user or an attacker, can keep using it after logout for as long as it stays valid. This can lead to unauthorized access to sensitive information, because the holder of the token bypasses authentication and reaches the application or system without a valid username and password.
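An added example, not answerdev/answer's own code, of the server-side session handling that closes both gaps described above: tokens are opaque values looked up in a store that records their expiry, so logout revokes a token immediately and the lifetime is a single configurable value rather than a fixed 10 hours. The names TokenStore, Login, Authenticate and Logout are assumed for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"sync"
	"time"
)

type session struct{ userID string; expires time.Time }
// TokenStore keeps opaque bearer tokens server-side: the stored record, not the
// token string, decides validity, so deleting the record kills the token.
type TokenStore struct {
	mu       sync.Mutex
	ttl      time.Duration // session lifetime; the report calls 10 hours excessive
	sessions map[string]session
}
func NewTokenStore(ttl time.Duration) *TokenStore {
	return &TokenStore{ttl: ttl, sessions: map[string]session{}}
}

// Login issues a random 128-bit token bound to userID with a fixed expiry.
func (s *TokenStore) Login(userID string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(b)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.sessions[tok] = session{userID: userID, expires: time.Now().Add(s.ttl)}
	return tok, nil
}

// Authenticate resolves a presented token; unknown, revoked and expired tokens
// fail identically, and an expired record is purged when seen.
func (s *TokenStore) Authenticate(tok string) (string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if sess, ok := s.sessions[tok]; ok && time.Now().Before(sess.expires) {
		return sess.userID, true
	}
	delete(s.sessions, tok)
	return "", false
}

// Logout revokes the token at once, the step the report finds missing.
func (s *TokenStore) Logout(tok string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.sessions, tok)
}
```

With this layout a replay of the PoC request after logout fails at Authenticate, and shortening the lifetime is a one-argument change to NewTokenStore.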