CVE-2023-37755
📋 TL;DR
i-doit pro and open versions 25 and below have hardcoded default administrator credentials with no forced password change. Unauthenticated attackers can use these credentials to gain full administrator access, affecting all users running vulnerable versions.
💻 Affected Systems
- i-doit pro
- i-doit open
📦 What is this software?
i-doit by i-doit
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise - attackers gain administrator privileges to execute arbitrary commands, steal sensitive data, install malware, or cause permanent system damage.
Likely Case
Unauthenticated attackers gain administrative access to modify configurations, access sensitive information, and potentially pivot to other systems.
If Mitigated
With proper network segmentation and monitoring, the impact is limited to the i-doit application itself, and unauthorized access attempts are detected.
🎯 Exploit Status
Simple credential-based attack requiring only knowledge of default credentials. Public proof-of-concept code available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 26 or later
Vendor Advisory: https://www.i-doit.com/en/security/
Restart Required: Yes
Instructions:
1. Back up your i-doit installation and database.
2. Download and install i-doit version 26 or later.
3. Follow the upgrade instructions in the vendor documentation.
4. Restart web services.
5. Change all administrator passwords immediately.
🔧 Temporary Workarounds
Change Default Credentials
Immediately change the default administrator username and password to strong, unique credentials.
Use i-doit web interface: Login → Administration → User Management → Edit admin user → Change credentials
Network Access Control
Restrict network access to the i-doit administration interface using firewall rules, for example with iptables as below (replace trusted_network with your administrative subnet; the ACCEPT rules must come before the DROP rules, the rules cover IPv4 only, and they do not survive a reboot unless saved with your distribution's persistence mechanism):
iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
🧯 If You Can't Patch
- Immediately change all default administrator credentials to strong, unique passwords
- Implement network segmentation to restrict access to i-doit administration interface only from trusted networks
🔍 How to Verify
Check if Vulnerable:
Attempt to log in to i-doit using the default administrator credentials (check the vendor documentation for the defaults). If the login succeeds, the system is vulnerable.
Check Version:
Check i-doit web interface footer or admin panel for version information
Verify Fix Applied:
1. Verify that the i-doit version is 26 or later.
2. Attempt to log in with the default credentials; this should fail.
3. Verify that the new strong credentials work.
📡 Detection & Monitoring
Log Indicators:
- Successful login with default admin username
- Multiple failed login attempts followed by admin access
- Unusual admin activity from new IP addresses
Network Indicators:
- Authentication requests to i-doit from unexpected sources
- Administrative API calls from unauthenticated sources
SIEM Query:
source="i-doit" AND ((event="login_success" AND user="admin") OR (event="admin_operation" AND src_ip NOT IN trusted_ips))
(The outer parentheses are required: without them AND binds tighter than OR in most query languages and the source="i-doit" filter would apply only to the first clause. Adapt the field names and the trusted_ips list to your SIEM's syntax.)
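An added example, not from the advisory or the vendor, showing the three log indicators above applied to a constructed sample log: a login with the default admin username, a run of failures followed by a success, and admin activity from outside the trusted network. The line format, the default username "admin" and the 10.0.0.0/8 trusted network are assumptions; adapt LINE_RE to the actual web or authentication log you collect.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in an assumed "<ts> <event> user=<u> src=<ip>" format,
# not real i-doit log output; adapt LINE_RE to the actual web/auth log format.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z login_failure user=admin src=203.0.113.7
2024-05-01T08:00:02Z login_failure user=admin src=203.0.113.7
2024-05-01T08:00:03Z login_failure user=admin src=203.0.113.7
2024-05-01T08:00:04Z login_success user=admin src=203.0.113.7
2024-05-01T08:00:10Z admin_operation user=admin src=203.0.113.7
2024-05-01T09:15:00Z login_success user=jdoe src=10.0.0.12
2024-05-01T09:16:00Z admin_operation user=jdoe src=10.0.0.12
"""
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumption: admin network
DEFAULT_ADMIN_USERS = {"admin"}   # assumption; the real default name is in vendor docs
FAILURE_THRESHOLD = 3             # failed logins before a success counts as suspicious
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$")

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_trusted(ip):
    """True when the source address falls inside one of the trusted networks."""
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)

def detect(log_text):
    """Return (indicator, src, user) tuples for the advisory's three log indicators."""
    alerts = []
    failures = defaultdict(int)   # consecutive login failures per (src, user)
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        key = (rec["src"], rec["user"])
        if rec["event"] == "login_failure":
            failures[key] += 1
        elif rec["event"] == "login_success":
            if rec["user"] in DEFAULT_ADMIN_USERS:
                alerts.append(("default_admin_login", rec["src"], rec["user"]))
            if failures[key] >= FAILURE_THRESHOLD:
                alerts.append(("failures_then_success", rec["src"], rec["user"]))
            failures[key] = 0
        elif rec["event"] == "admin_operation" and not is_trusted(rec["src"]):
            alerts.append(("admin_op_from_untrusted", rec["src"], rec["user"]))
    return alerts

if __name__ == "__main__":
    for indicator, src, user in detect(SAMPLE_LOG):
        print(f"{indicator}: user={user} src={src}")
```

On the sample log this raises all three indicators for 203.0.113.7 and nothing for the trusted 10.0.0.12 session; after the fix is applied, the first indicator should stop firing entirely once the default account is renamed or disabled.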
🔗 References
- https://github.com/leekenghwa/CVE-2023-37755---Hardcoded-Admin-Credential-in-i-doit-Pro-25-and-below/blob/main/README.md
- https://medium.com/%40ray.999/d7a54030e055
- https://medium.com/%40ray.999/i-doit-v25-and-below-incorrect-access-control-issue-cve-2023-37755-d7a54030e055