Description
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.
References (4)
Third Party Advisory: https://www.trustedsec.com/2017/09/full-disclosure-jitbit-helpdesk-authentication-bypass-0-day
Exploit, Third Party Advisory: https://github.com/Kc57/JitBit_Helpdesk_Auth_Bypass
Exploit, Third Party Advisory, VDB Entry: https://www.exploit-db.com/exploits/42776
Third Party Advisory, VDB Entry: https://packetstormsecurity.com/files/144334/JitBit-Helpdesk-9.0.2-Broken-Authentication.html
Scores
CVSS v3: 7.2
EPSS: 0.0159
EPSS Percentile: 81.7%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-332
Status: published
Products (1): jitbit/helpdesk < 9.0.3
Published: Aug 09, 2019
Tracked Since: Feb 18, 2026