Critical WSO2 SOAP Vulnerability Let Attackers Reset Password for Any User Account
- Source: Vulnerability (cybersecuritynews.com)
Author: Kaaviya
A critical security vulnerability in multiple WSO2 products has been discovered that allows attackers to reset passwords for any user account, potentially leading to complete system compromise.
CVE-2024-6914, published on May 22, 2025, represents a severe threat to organizations using WSO2’s enterprise software suite, with security researchers assigning it a maximum CVSS score of 9.8.
The vulnerability stems from an incorrect authorization flaw in the account recovery SOAP admin service, enabling malicious actors to bypass authentication mechanisms and gain unauthorized access to user accounts, including those with elevated administrative privileges.
The vulnerability exploits a business logic flaw within WSO2’s account recovery-related SOAP admin service, specifically targeting endpoints exposed through the /services context path.
Critical WSO2 SOAP Vulnerability
This incorrect authorization vulnerability, classified under CWE-863 (Incorrect Authorization), allows remote attackers to execute password reset operations without proper authentication or authorization checks.
The attack vector requires no user interaction and can be executed remotely over the network, making it particularly dangerous for organizations with publicly accessible WSO2 deployments.
According to the official security advisory, the vulnerability affects the core authentication mechanisms of WSO2 products.
When exploited successfully, attackers can take control of targeted accounts, including administrative users, thereby posing significant security risks to the entire infrastructure.
The Zero Day Initiative has documented this as an “Exposed Dangerous Function Authentication Bypass Vulnerability,” highlighting how the flaw results from the exposure of dangerous functions within the user self-registration process.
Risk Factors and Details
Affected Products:
- WSO2 API Manager 2.2.0 to 4.3.0
- WSO2 Identity Server 5.3.0 to 7.0.0
- WSO2 Identity Server as Key Manager 5.3.0 to 5.10.0
- WSO2 Open Banking AM/IAM/KM 1.3.0 to 2.0.0
Impact: Full account takeover
Exploit Prerequisites:
- Exposure of /services SOAP admin endpoints to untrusted networks
- Lack of network segmentation per WSO2’s Security Guidelines for Production Deployment
CVSS 3.1 Score: 9.8 (Critical)
Affected Products
The vulnerability impacts a wide range of WSO2 products across multiple versions. Affected systems include WSO2 API Manager versions 2.2.0 through 4.3.0, WSO2 Identity Server versions 5.3.0 through 7.0.0, WSO2 Identity Server as Key Manager, and various WSO2 Open Banking products.
The comprehensive scope of affected products underscores the severity of this security issue, as these enterprise-grade solutions are widely deployed in production environments worldwide.
The attack mechanism leverages the SOAP admin services framework, which handles account recovery operations. Attackers can craft malicious requests to the /services endpoint to trigger unauthorized password reset functionality.
The vulnerability’s exploitability is enhanced by its network-accessible nature, with the CVSS vector string indicating that it can be exploited over the network with low attack complexity and requires no privileges or user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Organizations using affected WSO2 products should immediately implement security measures to mitigate this critical vulnerability.
The primary recommendation involves following WSO2’s “Security Guidelines for Production Deployment” to restrict access to SOAP admin services from untrusted networks.
When these guidelines are properly implemented, the CVSS score reduces from 9.8 to 8.8, though the risk remains high.
Immediate mitigation steps include disabling public exposure of the /services context path, implementing network-level access controls to restrict SOAP admin service access to trusted networks only, and monitoring for unauthorized password reset attempts.
System administrators should also review and tighten authorization mechanisms across their WSO2 deployments and consider implementing additional authentication layers for administrative functions.
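As an added example (not from the article and not WSO2's own tooling), the monitoring step above can be approximated with a small access-log check: it flags any request to the /services context path that did not come from an assumed set of trusted networks. The trusted CIDRs, the log lines and the service name PlaceholderAdminService are all constructed for this example.

```python
import ipaddress
import re

# Networks permitted to reach the SOAP admin services (assumed values for this example).
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]

# Context path the advisory says must not be reachable from untrusted networks.
ADMIN_CONTEXT = "/services"

# Minimal parser for combined-log-format lines: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def is_trusted(ip: str) -> bool:
    """True if the client address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def find_untrusted_admin_requests(lines):
    """Return (ip, path, status) for each request to the /services context path from an untrusted source."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not well-formed access log entries
        path = m.group("path").split("?", 1)[0]  # drop the query string (e.g. ?wsdl)
        # Match the context path itself or anything below it, but not look-alikes such as /servicesx.
        if not (path == ADMIN_CONTEXT or path.startswith(ADMIN_CONTEXT + "/")):
            continue
        if is_trusted(m.group("ip")):
            continue
        hits.append((m.group("ip"), path, int(m.group("status"))))
    return hits


# Constructed sample log lines; the service name is a placeholder, not a real WSO2 endpoint.
SAMPLE_LOG = [
    '192.168.10.5 - - [22/May/2025:10:01:02 +0000] "POST /services/PlaceholderAdminService HTTP/1.1" 200 512',
    '203.0.113.7 - - [22/May/2025:10:02:15 +0000] "POST /services/PlaceholderAdminService HTTP/1.1" 200 640',
    '203.0.113.7 - - [22/May/2025:10:02:16 +0000] "GET /services?wsdl HTTP/1.1" 200 1200',
    '198.51.100.9 - - [22/May/2025:10:03:00 +0000] "GET /carbon/admin/login.jsp HTTP/1.1" 200 3000',
    '198.51.100.9 - - [22/May/2025:10:03:01 +0000] "GET /servicesx HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, path, status in find_untrusted_admin_requests(SAMPLE_LOG):
        print(f"ALERT: untrusted source {ip} reached {path} (HTTP {status})")
```

Only the two requests from 203.0.113.7 are flagged; the request from the trusted 192.168.10.0/24 network and the non-admin paths are ignored.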
WSO2 has released security patches addressing this vulnerability, and organizations are strongly advised to apply these updates immediately.
The availability of proof-of-concept exploit code and the vulnerability’s inclusion in various threat intelligence feeds indicate active interest from the security research community, potentially increasing exploitation risk for unpatched systems.