CVE-2024-50672
📋 TL;DR
This NoSQL injection vulnerability in Adapt Learning Authoring Tool allows unauthenticated attackers to reset any user's password, including administrators. Successful exploitation enables full account takeover and potential remote code execution via plugin upload. All systems running Adapt Authoring Tool version 0.11.3 or earlier are affected.
💻 Affected Systems
- Adapt Learning Adapt Authoring Tool
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via administrator account takeover leading to remote code execution, data theft, and potential lateral movement within the network.
Likely Case
Administrator account compromise leading to unauthorized access, data manipulation, and potential malware deployment via plugin upload.
If Mitigated
Limited impact if proper input validation and authentication controls are in place, though the vulnerability still exists.
🎯 Exploit Status
Public proof-of-concept code is available, making exploitation straightforward for attackers with basic skills.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: > 0.11.3
Vendor Advisory: https://github.com/adaptlearning/adapt_authoring
Restart Required: Yes
Instructions:
1. Update to the latest version of Adapt Authoring Tool.
2. Restart the application service.
3. Verify the update was successful.
🔧 Temporary Workarounds
Disable Password Reset Feature
Temporarily disable the password reset functionality until patching is complete.
Modify application configuration to disable password reset endpoint
Network Access Control
Restrict access to the Adapt Authoring Tool to trusted IP addresses only.
Configure firewall rules to limit access to specific IP ranges
🧯 If You Can't Patch
- Implement a web application firewall (WAF) with NoSQL injection protection rules
- Monitor for suspicious password reset attempts and implement rate limiting
🔍 How to Verify
Check if Vulnerable:
Check the Adapt Authoring Tool version. If it's 0.11.3 or earlier, the system is vulnerable.
Check Version:
Check the package.json file or application configuration for version information
Verify Fix Applied:
Verify the version is greater than 0.11.3 and test the password reset functionality with safe test inputs.
📡 Detection & Monitoring
Log Indicators:
- Unusual password reset requests, especially for administrator accounts
- Multiple failed login attempts followed by successful password reset
Network Indicators:
- Unusual traffic patterns to password reset endpoints
- Requests containing NoSQL injection patterns in query parameters
SIEM Query:
source="adapt_authoring" AND (event="password_reset" OR uri_path="/api/user/reset")
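As an added example that is not part of the advisory or the Adapt project, the script below applies the indicators above to constructed web-server access-log lines: it flags requests to the reset endpoint whose query parameters carry MongoDB operator tokens, and counts reset requests per source IP against a rate threshold. The `/api/user/reset` path is taken from the SIEM query; the log format, the `email` parameter name and the threshold value are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

RESET_PATH = "/api/user/reset"   # endpoint named in the advisory's SIEM query
RATE_THRESHOLD = 3               # hypothetical tuning value: reset requests per source IP
# MongoDB query operators that have no business appearing in a user-supplied parameter
NOSQL_OPS = re.compile(r"\$(ne|gt|gte|lt|lte|in|nin|regex|where|exists|or|and|not)\b")
# Combined-log-format line: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

def find_nosql_operators(target: str) -> list[str]:
    """Return the operator tokens found in the query string of a request target."""
    query = urlsplit(target).query
    tokens = set()
    # parse_qsl percent-decodes, so bracketed keys such as a[$op] arrive as the key itself
    for key, value in parse_qsl(query, keep_blank_values=True):
        tokens.update(m.group(0) for m in NOSQL_OPS.finditer(key + "=" + value))
    return sorted(tokens)

def triage_access_log(lines: list[str]) -> dict:
    """Flag reset-endpoint requests with operator tokens and sources over the rate threshold."""
    injections, per_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or urlsplit(m["target"]).path != RESET_PATH:
            continue
        per_ip[m["ip"]] += 1
        ops = find_nosql_operators(m["target"])
        if ops:
            injections.append({"ip": m["ip"], "status": m["status"], "operators": ops})
    noisy = {ip: n for ip, n in per_ip.items() if n >= RATE_THRESHOLD}
    return {"injections": injections, "rate_exceeded": noisy}

# Constructed sample log lines (not real traffic); 198.51.100.7 sends two operator-laden requests
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "POST /api/user/reset?email=alice%40example.org HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "POST /api/user/reset?email%5B%24ne%5D=x HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:06 +0000] "GET /api/courses HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2025:10:00:07 +0000] "POST /api/user/reset?email%5B%24regex%5D=. HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "POST /api/user/reset?email=bob%40example.org HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in triage_access_log(SAMPLE_LOG)["injections"]:
        print("operator injection attempt:", finding)
```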