CVE-2024-51478

9.9 CRITICAL

📋 TL;DR

This vulnerability in YesWiki allows attackers to recover password reset keys due to weak cryptography and a hard-coded salt. Attackers can then reset passwords for any user account, potentially gaining unauthorized access. All YesWiki instances prior to version 4.4.5 are affected.

💻 Affected Systems

Products:
  • YesWiki
Versions: All versions prior to 4.4.5
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. The vulnerability exists in the password reset mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover of all user accounts including administrators, leading to full system compromise, data theft, and potential privilege escalation.

🟠 Likely Case

Unauthorized password resets for user accounts, enabling attackers to access sensitive information, modify content, or perform actions as legitimate users.

🟢 If Mitigated

Limited impact if password reset functionality is disabled or additional authentication controls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is straightforward to exploit once the cryptographic weakness is understood. No authentication is required to trigger password reset functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.4.5

Vendor Advisory: https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4fvx-h823-38v3

Restart Required: No

Instructions:

1. Back up your YesWiki installation and database.
2. Download YesWiki 4.4.5 or later from the official repository.
3. Replace the existing installation files with the new version.
4. Verify that the patch is applied by checking the version.

🔧 Temporary Workarounds

Disable Password Reset Functionality (scope: all)

Temporarily disable the password reset feature to prevent exploitation while planning for patching. To do so, modify the YesWiki configuration to remove or disable password reset links and functionality.

🧯 If You Can't Patch

  • Implement network-level controls to restrict access to password reset endpoints
  • Enable multi-factor authentication for all user accounts to mitigate the impact of unauthorized password resets

🔍 How to Verify

Check if Vulnerable:

Check the YesWiki version in the administration panel or by examining the source code for version markers; any version below 4.4.5 is vulnerable.

Check Version:

Check the YesWiki admin panel or look for version information in the source files.

Verify Fix Applied:

Verify that the version is 4.4.5 or higher and check that the cryptographic functions for password reset use proper algorithms and unique salts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual number of password reset requests
  • Password reset attempts from unexpected IP addresses
  • Successful password resets followed by immediate login attempts

Network Indicators:

  • HTTP requests to password reset endpoints with predictable parameters
  • Multiple reset attempts targeting different usernames

SIEM Query:

source="web_logs" AND (url="*/password/reset*" OR url="*/mot-de-passe-oublie*") AND status=200 | stats count by src_ip
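An added detection example, not part of this advisory, that applies the log indicators above to web server access logs: it keeps only successful (HTTP 200) requests to the two reset endpoints from the SIEM query and flags source IPs that either burst reset requests or spray them across several accounts inside a time window. It assumes the common/combined access-log format, and that the reset form names the targeted account in a `user` query parameter (an assumption, since the advisory does not describe the request format); the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Common/combined access-log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')
# Endpoint fragments from the SIEM query above (English and French reset pages).
RESET_MARKERS = ("/password/reset", "/mot-de-passe-oublie")
# Assumption (not from the advisory): the reset form names the target account in "user".
TARGET_PARAM = "user"
# Constructed sample log, not real traffic: one benign reset, one client spraying accounts.
SAMPLE_LOG = """\
198.51.100.20 - - [10/Nov/2024:09:58:10 +0000] "POST /password/reset?user=alice HTTP/1.1" 200 731
203.0.113.7 - - [10/Nov/2024:10:00:01 +0000] "POST /mot-de-passe-oublie?user=alice HTTP/1.1" 200 731
203.0.113.7 - - [10/Nov/2024:10:00:04 +0000] "POST /mot-de-passe-oublie?user=bob HTTP/1.1" 200 731
203.0.113.7 - - [10/Nov/2024:10:00:09 +0000] "POST /mot-de-passe-oublie?user=admin HTTP/1.1" 200 731
203.0.113.7 - - [10/Nov/2024:10:00:20 +0000] "POST /password/reset?user=carol HTTP/1.1" 500 120
"""

def parse_reset_events(log_text):
    """Return (ip, timestamp, target) for each HTTP 200 request to a reset endpoint."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("status") != "200":
            continue
        url = m.group("url")
        if not any(marker in url for marker in RESET_MARKERS):
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        target = parse_qs(urlsplit(url).query).get(TARGET_PARAM, ["?"])[0]
        events.append((m.group("ip"), ts, target))
    return events

def flag_sources(events, window_seconds=600, max_requests=5, max_targets=3):
    """Flag IPs that burst reset requests or spread them over several accounts in one window."""
    by_ip = defaultdict(list)
    for ip, ts, target in events:
        by_ip[ip].append((ts, target))
    flagged = {}
    for ip, items in by_ip.items():
        items.sort()
        for i, (start, _) in enumerate(items):  # slide a window starting at each request
            hits = [t for ts, t in items[i:] if (ts - start).total_seconds() <= window_seconds]
            if len(hits) >= max_requests or len(set(hits)) >= max_targets:
                flagged[ip] = {"requests": len(hits), "targets": sorted(set(hits))}
                break
    return flagged
```

Running `flag_sources(parse_reset_events(SAMPLE_LOG))` on the constructed log flags only 203.0.113.7, which targeted three different accounts within seconds; the failed (HTTP 500) request is ignored, matching the `status=200` filter in the SIEM query.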
