Platform
other
Component
2fauth
Fixed in
5.4.2
CVE-2024-52598 describes a Server-Side Request Forgery (SSRF) and URI validation bypass vulnerability present in 2FAuth, a web application for managing Two-Factor Authentication (2FA) accounts. This vulnerability allows attackers to manipulate the application into making requests to arbitrary URLs, potentially leading to data exposure and other malicious actions. The vulnerability affects versions of 2FAuth up to and including 5.4.1, and a fix is available in version 5.4.1.
The SSRF vulnerability in 2FAuth allows an attacker to craft a malicious POST request to /api/v1/twofaccounts/preview, specifying a remote URI. If the application accepts this URI and attempts to retrieve an image from it, the attacker can control the target URL. This enables the attacker to potentially access internal resources, read sensitive data from other services, or even interact with external systems on behalf of the 2FAuth server. The URI validation bypass further exacerbates the risk, as it may allow bypassing of intended restrictions on the target URL. The impact can range from information disclosure to potential remote code execution depending on the targeted internal services.
CVE-2024-52598 was publicly disclosed on 2024-11-20. The vulnerability's SSRF nature makes it potentially attractive to attackers seeking to map internal networks or access sensitive data. There is no indication of active exploitation or KEV listing at the time of writing. Public proof-of-concept code is not yet widely available, but the vulnerability's ease of exploitation suggests it may become a target for opportunistic attackers.
Organizations using 2FAuth to manage two-factor authentication, particularly those with internal services accessible from the 2FAuth server, are at risk. Environments with weak network segmentation or inadequate WAF protection are especially vulnerable. Shared hosting environments where multiple users share the same 2FAuth instance could also be affected, potentially allowing an attacker to compromise other users' 2FA accounts.
• linux / server:
journalctl -u 2fauth -g "remote URI retrieval"
• generic web:
curl -sS -D - -o /dev/null -X POST <2fauth_server_ip>/api/v1/twofaccounts/preview -d 'uri=http://attacker.com/malicious_image.jpg' | grep -i 'Server:'
Disclosure
Exploit status
EPSS
0.12% (31st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-52598 is to upgrade 2FAuth to version 5.4.1 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) or proxy to filter outbound requests from the 2FAuth application, specifically blocking requests to unexpected or unauthorized domains. Strictly validate and sanitize any user-supplied input, especially URLs, to prevent manipulation. Monitor application logs for unusual outbound requests or errors related to image retrieval. After upgrading, confirm the fix by attempting to trigger the SSRF vulnerability with a known malicious URI and verifying that the request is blocked or handled safely.
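The paragraph above recommends strict validation of user-supplied URLs as a compensating control. The following is an added example of such an outbound-URL check; it is not code from 2FAuth or from the advisory. It assumes a hypothetical `validate_outbound_url` helper that is called before the application fetches anything: the URL must use http or https, carry no embedded credentials, optionally match a host allowlist, and every address the host resolves to must be publicly routable (loopback, RFC 1918, link-local such as 169.254.169.254, multicast, reserved and IPv4-mapped IPv6 addresses are all rejected). The DNS entries and IP addresses in the fake resolver are constructed sample data.

```python
"""Outbound URL validation against SSRF (added example, not 2FAuth code)."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _default_resolver(host):
    """Resolve host to the set of all A/AAAA addresses via the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public_address(addr):
    """True only if addr is a globally routable unicast address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparsable answer from the resolver: treat as unsafe
    # Unwrap ::ffff:a.b.c.d so the IPv4 rules apply to mapped addresses.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    blocked = (ip.is_private or ip.is_loopback or ip.is_link_local
               or ip.is_multicast or ip.is_reserved or ip.is_unspecified
               or not ip.is_global)  # also covers 100.64.0.0/10
    return not blocked


def validate_outbound_url(url, allowed_hosts=None, resolver=_default_resolver):
    """Return (ok, reason). ok is True only when the URL is safe to fetch.

    allowed_hosts: optional set of permitted hostnames (lower-case).
    resolver: function host -> set of IP strings (injectable for tests).
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL are not allowed"
    host = parts.hostname.rstrip(".").lower()
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, f"host not in allowlist: {host}"
    try:
        addrs = resolver(host)
    except (socket.gaierror, OSError):
        return False, f"cannot resolve host: {host}"
    if not addrs:
        return False, f"no addresses for host: {host}"
    # Reject if ANY answer is internal: a split or rebinding name must not pass.
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


# Constructed sample DNS data for offline demonstration; not real hosts.
FAKE_DNS = {
    "images.example.org": {"93.184.216.34"},
    "metadata.internal": {"169.254.169.254"},
    "dual.example.org": {"93.184.216.35", "10.0.0.5"},
}


def fake_resolver(host):
    """Resolver stand-in: IP literals resolve to themselves, names via FAKE_DNS."""
    try:
        return {str(ipaddress.ip_address(host))}
    except ValueError:
        pass
    if host in FAKE_DNS:
        return FAKE_DNS[host]
    raise socket.gaierror(-2, "name or service not known")


if __name__ == "__main__":
    samples = [
        "https://images.example.org/logo.png",
        "http://metadata.internal/latest/meta-data/",
        "http://dual.example.org/logo.png",
        "http://127.0.0.1:8000/",
        "http://[::ffff:127.0.0.1]/",
        "file:///etc/passwd",
        "http://user:pw@images.example.org/logo.png",
    ]
    for url in samples:
        print(url, "->", validate_outbound_url(url, resolver=fake_resolver))
```

Two details matter in practice: the check must be re-applied to every redirect target (either disable automatic redirects in the HTTP client or validate each hop), and the address that passed validation should be the one the connection is actually made to, so that a name cannot change between the check and the fetch.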
Update 2FAuth to version 5.4.1 or higher. This version fixes the Server-Side Request Forgery (SSRF) and the URI validation bypass. The update prevents external attackers from reaching internal resources through the application.
CVE-2024-52598 is a Server-Side Request Forgery (SSRF) vulnerability in 2FAuth versions up to 5.4.1, allowing attackers to make requests to arbitrary URLs.
You are affected if you are using 2FAuth version 5.4.1 or earlier. Upgrade to version 5.4.1 to mitigate the risk.
Upgrade 2FAuth to version 5.4.1 or later. As a temporary workaround, implement a WAF to filter outbound requests.
There is currently no confirmed evidence of active exploitation, but the vulnerability's nature makes it a potential target.
Refer to the 2FAuth project's official website or security advisories for the latest information and updates.