CVE-2021-43136

9.8 CRITICAL

📋 TL;DR

CVE-2021-43136 is an authentication bypass vulnerability in FormaLMS learning management systems that allows attackers to gain unauthorized access to the platform without valid credentials. This affects all organizations running vulnerable versions of FormaLMS, potentially exposing sensitive student data, course materials, and administrative functions.

💻 Affected Systems

Products:
  • FormaLMS
Versions: <= 2.4.4
Operating Systems: All platforms running FormaLMS
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability stems from a default configuration issue that allows authentication bypass through specific parameter manipulation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the FormaLMS instance with administrative access, allowing data theft, manipulation of courses and grades, installation of backdoors, and lateral movement to connected systems.

🟠

Likely Case

Unauthorized access to user accounts, theft of sensitive educational data, manipulation of course content, and potential privilege escalation to administrative functions.

🟢

If Mitigated

Limited impact with proper network segmentation, strong authentication requirements for sensitive functions, and regular monitoring for unauthorized access attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available on Packet Storm Security and Hacktive Security blog. The attack requires no authentication and minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.5 and later

Vendor Advisory: https://formalms.org

Restart Required: No

Instructions:

1. Backup your FormaLMS installation and database.
2. Download FormaLMS version 2.4.5 or later from the official website.
3. Replace the vulnerable files with the patched version.
4. Verify the installation is working correctly.

🔧 Temporary Workarounds

Web Application Firewall Rule

all

Block requests containing the specific parameter manipulation used in the exploit

Add WAF rule to block requests with suspicious authentication parameters

Access Restriction

all

Restrict access to FormaLMS to trusted IP ranges only

Configure firewall rules to allow only authorized IP addresses to access FormaLMS

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate FormaLMS from critical systems
  • Enable detailed logging and monitoring for authentication attempts and implement alerting for suspicious activities

🔍 How to Verify

Check if Vulnerable:

Check if your FormaLMS version is 2.4.4 or earlier by examining the version file or admin panel

Check Version:

Check the FormaLMS admin panel or examine the version.txt file in the installation directory

Verify Fix Applied:

Verify the version is 2.4.5 or later and test authentication functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns
  • Multiple failed login attempts followed by successful access from same IP
  • Access to admin functions from non-admin accounts

Network Indicators:

  • HTTP requests with manipulated authentication parameters
  • Unusual traffic patterns to authentication endpoints

SIEM Query:

source="formalms_logs" AND (event_type="authentication" AND result="success" AND (user_agent="*exploit*" OR parameter="*auth_bypass*"))

🔗 References
