CVE-2023-36655

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote blocked users to bypass authentication in ProLion CryptoSpike when using LDAP/Active Directory. Attackers can obtain valid authentication tokens by manipulating username case sensitivity, enabling unauthorized access to protected systems. Organizations using CryptoSpike 3.0.15P2 with LDAP/AD authentication are affected.

💻 Affected Systems

Products:
  • ProLion CryptoSpike
Versions: 3.0.15P2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects configurations using LDAP or Active Directory as the user store. Local authentication methods are not vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where attackers gain administrative access, exfiltrate sensitive data, deploy ransomware, or disrupt critical infrastructure operations.

🟠 Likely Case

Unauthorized access to protected files and systems, data theft, privilege escalation, and lateral movement within the network.

🟢 If Mitigated

Limited impact with proper network segmentation, strong monitoring, and multi-factor authentication preventing full exploitation.

🌐 Internet-Facing: HIGH - Remote blocked users can bypass authentication from anywhere if the login API is exposed to the internet.
🏢 Internal Only: HIGH - Even internally, blocked users can regain access and potentially escalate privileges within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires knowledge of blocked usernames but is technically simple - just changing case combinations in login attempts.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.16 or later

Vendor Advisory: https://prolion.com/cryptospike/

Restart Required: Yes

Instructions:

1. Download the latest CryptoSpike version from the ProLion support portal.
2. Back up the current configuration.
3. Install the update following vendor documentation.
4. Restart CryptoSpike services.
5. Verify that authentication works correctly.

🔧 Temporary Workarounds

Switch to Local Authentication


Temporarily disable LDAP/AD authentication and use local user accounts until patched.

Network Access Control


Restrict access to CryptoSpike login API to trusted IP ranges only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate CryptoSpike from critical systems
  • Enable detailed authentication logging and monitor for case variation login attempts

🔍 How to Verify

Check if Vulnerable:

Test authentication with known blocked usernames using different case combinations (e.g., 'Admin', 'ADMIN', 'admin'). If any variation succeeds, the system is vulnerable.

Check Version:

Check the CryptoSpike web interface or run 'cryptospike --version' on the server.

Verify Fix Applied:

After patching, repeat case variation tests with blocked users - all should be rejected. Verify version is 3.0.16 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts with same username but different case
  • Successful logins from previously blocked users
  • Authentication logs showing case-insensitive username matching

Network Indicators:

  • Unusual authentication traffic patterns
  • Login attempts from unexpected locations

SIEM Query:

source="cryptospike" event_type="authentication"
| eval user_lc=lower(username)
| stats dc(username) AS spellings, values(username) AS seen, count(eval(status="success")) AS successes BY user_lc, src_ip
| where spellings > 1

Splunk-style SPL: it groups authentication events by the lowercased username and source address, then flags any source that tried more than one spelling of the same account, together with how many of those attempts succeeded.
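The same detection logic, as an added example that is not part of this advisory or of ProLion's software: the log line format, field names and sample entries below are constructed for illustration, and the blocked-user list is an assumption about what a SIEM enrichment would supply. The script groups attempts by casefolded username, reports sources that cycled through several spellings of one account, and separately reports successful logins that match a blocked account when compared case-insensitively.

```python
"""Detect case-variant login attempts and successful logins by blocked users.

Added example (not CryptoSpike code). The log layout below is constructed;
CryptoSpike's real log format and field names are assumed, not known.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample authentication log (format is an assumption).
SAMPLE_LOG = """\
2024-01-09T10:00:01Z auth user=jsmith src=10.0.0.5 result=fail
2024-01-09T10:00:04Z auth user=JSmith src=10.0.0.5 result=fail
2024-01-09T10:00:09Z auth user=JSMITH src=10.0.0.5 result=success
2024-01-09T10:01:00Z auth user=alice src=10.0.0.7 result=success
2024-01-09T10:02:00Z auth user=bob src=10.0.0.9 result=fail
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$"
)


def parse_auth_log(text: str) -> List[dict]:
    """Parse lines matching the constructed format; skip anything else."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def case_variant_sources(events: List[dict]) -> Dict[Tuple[str, str], List[str]]:
    """Map (lowercased user, src) -> sorted distinct spellings seen.

    Only pairs with more than one spelling are returned; a single source
    trying 'jsmith', 'JSmith' and 'JSMITH' is the pattern this CVE's
    exploitation leaves in the log.
    """
    seen: Dict[Tuple[str, str], set] = defaultdict(set)
    for e in events:
        seen[(e["user"].lower(), e["src"])].add(e["user"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def blocked_user_successes(events: List[dict], blocked: List[str]) -> List[dict]:
    """Successful logins whose username matches a blocked user ignoring case.

    The comparison is deliberately case-insensitive: a block list checked
    with an exact-case match would miss exactly the variants that matter here.
    """
    blocked_lc = {b.lower() for b in blocked}
    return [
        e for e in events
        if e["result"] == "success" and e["user"].lower() in blocked_lc
    ]


def analyse(text: str, blocked: List[str]) -> dict:
    """Run both checks over a log text and return the findings."""
    events = parse_auth_log(text)
    return {
        "case_variants": case_variant_sources(events),
        "blocked_success": blocked_user_successes(events, blocked),
    }


if __name__ == "__main__":
    # 'jsmith' is a hypothetical blocked account for the constructed sample.
    findings = analyse(SAMPLE_LOG, blocked=["jsmith"])
    for (user, src), spellings in findings["case_variants"].items():
        print(f"case cycling: {user} from {src}: {spellings}")
    for e in findings["blocked_success"]:
        print(f"blocked user logged in: {e['user']} from {e['src']} at {e['ts']}")
```

Feed it the exported authentication log and the current block list; any entry under "blocked user logged in" is the strongest single indicator, while "case cycling" from one source is the reconnaissance pattern that precedes it.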
