CVE-2021-21495

8.8 HIGH

📋 TL;DR

CVE-2021-21495 is a Cross-Site Request Forgery (CSRF) vulnerability in MK-AUTH software that allows attackers to trick authenticated users into changing their passwords without their consent. This affects MK-AUTH installations through version 19.01 K4.9. Attackers can exploit this to lock legitimate users out of their accounts or potentially gain unauthorized access.

💻 Affected Systems

Products:
  • MK-AUTH
Versions: Through 19.01 K4.9
Operating Systems: Any OS running MK-AUTH
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using the vulnerable version are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could change administrator passwords, gain full control of the MK-AUTH system, and potentially pivot to other systems in the network.

🟠 Likely Case: Attackers trick users into changing their passwords, causing account lockouts and service disruption.

🟢 If Mitigated: With proper CSRF protections and user awareness, exploitation attempts would fail or be detected.

🌐 Internet-Facing: HIGH - Web applications with CSRF vulnerabilities are prime targets for internet-based attacks.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this, but external attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to be authenticated and visit a malicious page while logged in.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 19.01 K4.9

Vendor Advisory: http://mk-auth.com.br/

Restart Required: No

Instructions:

1. Upgrade MK-AUTH to a version after 19.01 K4.9.
2. Apply vendor-provided patches if available.
3. Verify that CSRF tokens are implemented in the password change functionality.

🔧 Temporary Workarounds

Implement CSRF Protection (applies to: all)

  • Add CSRF tokens to all state-changing requests, including password changes
  • Implement anti-CSRF tokens in the central/executar_central.php?acao=altsenha_princ endpoint

Restrict Password Change Endpoint (applies to: all)

  • Add additional authentication requirements for password changes
  • Require current password confirmation before allowing a password change

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attempts
  • Educate users about phishing risks and implement session timeout policies

🔍 How to Verify

Check if Vulnerable:

Check if MK-AUTH version is 19.01 K4.9 or earlier by examining version files or admin interface

Check Version:

Check MK-AUTH version in admin panel or configuration files

Verify Fix Applied:

Test the password change functionality with and without a valid CSRF token: a request carrying the token should succeed, and a request lacking it (or carrying a stale one) should be rejected.

📡 Detection & Monitoring

Log Indicators:

  • Multiple password change requests from same user in short time
  • Password change requests without proper referrer headers

Network Indicators:

  • HTTP POST requests to central/executar_central.php?acao=altsenha_princ without CSRF tokens

SIEM Query:

source="mk-auth" AND uri="*executar_central.php*" AND action="altsenha_princ"
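As an added example, not code from the page or from the MK-AUTH project, the following Python script applies the two log indicators above to constructed access-log lines: a POST to the password-change action whose Referer is missing or comes from a host other than the portal's own (assumed here to be mkauth.example.local), and three or more password changes by one user within 60 seconds. The log format, hostname and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse, parse_qs

# Constructed sample log (not from a real deployment), one request per line:
# "<ISO timestamp> <user> <method> <uri> <referer or ->"
SAMPLE_LOG = """\
2021-02-01T10:00:01 alice POST /central/executar_central.php?acao=altsenha_princ https://mkauth.example.local/central/
2021-02-01T10:00:05 bob POST /central/executar_central.php?acao=altsenha_princ http://third-party.example.net/page.html
2021-02-01T10:00:07 carol POST /central/executar_central.php?acao=altsenha_princ -
2021-02-01T10:00:10 dave POST /central/executar_central.php?acao=altsenha_princ https://mkauth.example.local/central/
2021-02-01T10:00:20 dave POST /central/executar_central.php?acao=altsenha_princ https://mkauth.example.local/central/
2021-02-01T10:00:30 dave POST /central/executar_central.php?acao=altsenha_princ https://mkauth.example.local/central/
2021-02-01T10:01:00 erin GET /central/index.php https://mkauth.example.local/central/
"""

TRUSTED_HOST = "mkauth.example.local"      # assumed hostname of the MK-AUTH portal
ENDPOINT = "/central/executar_central.php"  # endpoint named in the advisory
ACTION = "altsenha_princ"                   # password-change action from the advisory
BURST_WINDOW = timedelta(seconds=60)        # assumed window for the "same user" indicator
BURST_COUNT = 3                             # assumed threshold for the "same user" indicator

def is_password_change(method, uri):
    """True for a POST to executar_central.php with acao=altsenha_princ."""
    parsed = urlparse(uri)
    return (method == "POST" and parsed.path == ENDPOINT
            and parse_qs(parsed.query).get("acao") == [ACTION])

def analyze(log_text):
    """Return (user, indicator, detail) tuples for suspicious password changes."""
    alerts, per_user = [], defaultdict(list)
    for line in log_text.splitlines():
        ts, user, method, uri, referer = line.split(" ", 4)
        if not is_password_change(method, uri):
            continue
        when = datetime.fromisoformat(ts)
        # Indicator 1: Referer absent or not from the portal's own host.
        ref_host = None if referer == "-" else urlparse(referer).hostname
        if ref_host != TRUSTED_HOST:
            alerts.append((user, "referer", referer))
        # Indicator 2: repeated password changes by one user inside the window.
        per_user[user].append(when)
        recent = [t for t in per_user[user] if when - t <= BURST_WINDOW]
        if len(recent) == BURST_COUNT:
            alerts.append((user, "burst", len(recent)))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Only requests matching both the path and the acao parameter are examined, so ordinary browsing of the portal produces no alerts.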
