CVE-2023-2105

8.8 HIGH

📋 TL;DR

This session fixation vulnerability in easyappointments allows attackers to hijack user sessions by fixing session IDs before authentication. It affects all users of easyappointments versions prior to 1.5.0, potentially enabling unauthorized access to appointment management systems.

💻 Affected Systems

Products:
  • easyappointments
Versions: All versions prior to 1.5.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations using default configuration. The vulnerability is in the session management logic.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative access to the appointment system, allowing them to view, modify, or delete all appointments, customer data, and system settings.

🟠 Likely Case

Unauthorized access to user accounts leading to data exposure and manipulation of appointment bookings.

🟢 If Mitigated

Limited impact with proper session management controls and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in the referenced commit and bounty reports. Attackers can fix session IDs before user authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.0

Vendor Advisory: https://github.com/alextselegidis/easyappointments/commit/7f37350fab9d729a9350d96369ff0f453cf7b840

Restart Required: Yes

Instructions:

1. Back up your current installation and database.
2. Download version 1.5.0 from GitHub.
3. Replace all files with the new version.
4. Restart your web server.
5. Verify the fix by checking session behavior.

🔧 Temporary Workarounds

Session Regeneration After Login

Applies to: all

Implement custom session regeneration after successful authentication to prevent session fixation.

Modify the authentication logic to call session_regenerate_id(true) after login.

🧯 If You Can't Patch

  • Implement web application firewall rules to detect and block session fixation attempts
  • Enable strict session management controls and monitor for unusual session activity

🔍 How to Verify

Check if Vulnerable:

Check whether the session ID remains the same before and after authentication. If the session ID does not change after login, the system is vulnerable.

Check Version:

Check the version.php file or the admin panel for the version number.

Verify Fix Applied:

Verify that session IDs are regenerated after successful authentication and that old session IDs become invalid.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts with same session ID
  • Session IDs that persist across authentication events
  • Unusual session creation patterns

Network Indicators:

  • HTTP requests with manipulated session cookies
  • Session fixation attempts in HTTP headers

SIEM Query:

source="web_logs" AND (session_id="*" AND event="login_success") | stats count by session_id | where count > 1
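The log indicators above, worked into a small offline detector as an added example (not code from the advisory or the easyappointments project). It assumes a constructed log format in which each request line carries the client IP, the session cookie value as sid=..., and an application event, and that the sid on a login_success line is the session the user holds after login; a session ID seen before authentication and reused on login_success means the ID was not regenerated.

```python
import re
from collections import defaultdict

# Constructed sample web-log lines (not from the advisory). Each line carries the
# client IP, the session cookie value ("sid") and the application event.
SAMPLE_LOGS = """\
2023-04-01T10:00:01Z 203.0.113.5 sid=abc123 event=page_view
2023-04-01T10:00:09Z 203.0.113.5 sid=abc123 event=login_success
2023-04-01T10:01:00Z 198.51.100.7 sid=def456 event=page_view
2023-04-01T10:01:05Z 198.51.100.7 sid=ghi789 event=login_success
2023-04-01T10:02:00Z 192.0.2.9 sid=zzz000 event=login_failed
2023-04-01T10:02:02Z 192.0.2.9 sid=zzz000 event=login_failed
2023-04-01T10:02:04Z 192.0.2.9 sid=zzz000 event=login_failed
2023-04-01T10:03:00Z 192.0.2.9 sid=zzz000 event=login_success
2023-04-01T10:03:30Z 203.0.113.77 sid=abc123 event=login_success
"""

# Assumed log layout: "<timestamp> <ip> sid=<session id> event=<event>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) sid=(?P<sid>\S+) event=(?P<event>\S+)$")


def parse_logs(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_session_indicators(text, failed_threshold=3):
    """Return the advisory's log indicators as sorted lists of session IDs.

    persisted:   sid seen on an unauthenticated request or failed login and then
                 reused on login_success (session ID not regenerated at login)
    multi_login: sid with more than one login_success (the SIEM query above)
    many_failed: sid with at least failed_threshold failed login attempts
    """
    pre_auth = set()                 # session IDs observed before a successful login
    success_count = defaultdict(int)  # sid -> number of login_success events
    failed = defaultdict(int)         # sid -> number of login_failed events
    persisted = set()
    for rec in parse_logs(text):
        sid, event = rec["sid"], rec["event"]
        if event == "login_success":
            if sid in pre_auth:
                persisted.add(sid)
            success_count[sid] += 1
        else:
            pre_auth.add(sid)
            if event == "login_failed":
                failed[sid] += 1
    return {
        "persisted": sorted(persisted),
        "multi_login": sorted(s for s, n in success_count.items() if n > 1),
        "many_failed": sorted(s for s, n in failed.items() if n >= failed_threshold),
    }
```

In the sample, def456 is replaced by ghi789 at login and is correctly left unflagged, while abc123 is reported under both persisted and multi_login because the same pre-authentication ID is later used for a successful login from a second address.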

🔗 References
