CVE-2024-27711
📋 TL;DR
This vulnerability in Eskooly Free Online School Management Software allows remote attackers to escalate privileges through the sign-up process. It affects all versions up to and including v3.0, enabling unauthorized users to gain administrative access.
💻 Affected Systems
- Eskooly Free Online School Management Software
📦 What is this software?
Eskooly is a free online school management software product published by the vendor Eskooly.
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise where attackers gain administrative privileges, access sensitive student/teacher data, modify system configurations, and potentially deploy ransomware or other malware.
Likely Case
Attackers create administrative accounts to access confidential student records, modify grades, alter attendance data, and disrupt school operations.
If Mitigated
Limited impact with proper authentication controls, but still presents a significant authentication bypass risk.
🎯 Exploit Status
The vulnerability is well-documented with public proof-of-concept available. Exploitation requires minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: No official vendor advisory found
Restart Required: No
Instructions:
1. Check for official updates from Eskooly.
2. If no patch is available, consider migrating to alternative software.
3. Apply workarounds immediately.
🔧 Temporary Workarounds
Disable Sign-up Functionality
Temporarily disable user registration/sign-up functionality to prevent exploitation (all platforms)
Modify application configuration to disable new user registration
Network Access Controls
Restrict access to the Eskooly application using firewall rules (Linux)
iptables -A INPUT -p tcp --dport [eskooly_port] -s [trusted_ips] -j ACCEPT
iptables -A INPUT -p tcp --dport [eskooly_port] -j DROP
🧯 If You Can't Patch
- Implement strong network segmentation to isolate the Eskooly server
- Deploy a web application firewall (WAF) with authentication bypass protection rules
🔍 How to Verify
Check if Vulnerable:
Attempt to create a new user account through the sign-up process and check if privilege escalation is possible
Check Version:
Check the application's admin panel or configuration files for version information
Verify Fix Applied:
Test if new user accounts can be created with administrative privileges
📡 Detection & Monitoring
Log Indicators:
- Unusual user creation events
- Multiple failed login attempts followed by successful sign-up
- User accounts created with administrative privileges
Network Indicators:
- HTTP POST requests to sign-up endpoints from unexpected IP addresses
- Unusual traffic patterns to user registration endpoints
SIEM Query:
source="eskooly_logs" AND (event="user_created" OR event="signup_success") | stats count by user, ip_address
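The two log indicators above (admin-role accounts created through sign-up, and a burst of failed logins followed by a successful sign-up from the same address) can be checked offline over exported logs. The script below is an added example written for this page, not Eskooly's own tooling; the JSON line format and the field names event, user, ip_address and role are assumptions, and the sample lines are constructed.

```python
import json
from collections import defaultdict

# Constructed sample events in a hypothetical JSON-lines format (assumption:
# Eskooly's real logs may use different event names and fields).
SAMPLE_LOG = """
{"ts": 1, "event": "login_failed", "user": "admin", "ip_address": "203.0.113.5"}
{"ts": 2, "event": "login_failed", "user": "admin", "ip_address": "203.0.113.5"}
{"ts": 3, "event": "login_failed", "user": "admin", "ip_address": "203.0.113.5"}
{"ts": 4, "event": "signup_success", "user": "newadmin", "ip_address": "203.0.113.5", "role": "admin"}
{"ts": 5, "event": "signup_success", "user": "student42", "ip_address": "198.51.100.7", "role": "student"}
{"ts": 6, "event": "user_created", "user": "teacher9", "ip_address": "192.0.2.10", "role": "teacher"}
"""

FAILED_LOGIN_THRESHOLD = 3               # failed logins before a sign-up that we treat as suspicious
SIGNUP_EVENTS = {"signup_success", "user_created"}   # same event names the SIEM query above matches on

def parse_events(text):
    """Parse JSON-lines log text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]

def find_suspicious_signups(events, threshold=FAILED_LOGIN_THRESHOLD):
    """Return one alert per sign-up event that matches either log indicator.

    An alert records the user, the source IP and the list of reasons it fired.
    """
    failed_by_ip = defaultdict(int)      # running count of failed logins per source address
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):   # process in time order
        ip = ev["ip_address"]
        if ev["event"] == "login_failed":
            failed_by_ip[ip] += 1
            continue
        if ev["event"] in SIGNUP_EVENTS:
            reasons = []
            if ev.get("role") == "admin":
                reasons.append("self-registered account holds admin role")
            if failed_by_ip[ip] >= threshold:
                reasons.append(f"{failed_by_ip[ip]} failed logins from {ip} before sign-up")
            if reasons:
                alerts.append({"user": ev["user"], "ip_address": ip, "reasons": reasons})
            failed_by_ip[ip] = 0         # a completed sign-up closes the failed-login window for that IP
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_signups(parse_events(SAMPLE_LOG)):
        print(alert)
```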
🔗 References
- https://blog.be-hacktive.com/eskooly-cve/eskooly-broken-authentication/cve-2024-27711-user-enumeration-via-sign-up-process-in-eskooly-web-product-less-than-v3.0