CVE-2023-6329

CRITICAL EXPLOITED NUCLEI

Control iD iDSecure Authentication Bypass (CVE-2023-6329)

Title source: metasploit

Description

An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.

Exploits (2)

nomisec WORKING POC

by itzvenom · remote

https://github.com/itzvenom/CVE-2023-6329

View Code ZIP pw:eip

metasploit WORKING POC

by Michael Heinzl, Tenable · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/idsecure_auth_bypass.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Control iD iDSecure - Authentication Bypass

CRITICALVERIFIEDby DhiyaneshDK,princechaddha

FOFA: body="iDSecure"

References (1)

[Exploit, Third Party Advisory] https://tenable.com/security/research/tra-2023-36

Scores

CVSS v3 9.8

EPSS 0.9249

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-11-10

CWE

CWE-287

Status published

Products (1)

controlid/idsecure 4.7.32.0

Published Nov 27, 2023

Tracked Since Feb 18, 2026