Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
The authentication mechanism in AuthenticationServlet does not require the presence of a Password field in the submitted request. An attacker can send a crafted HTTP request to AuthenticationServlet, omitting the password field, which results in a session being granted without identity verification. In a typical exploitation scenario, omitting this field leads to login with superadministrator privileges, giving full control over the platform.
An attacker without any credentials can gain full access to the Silverpeas application, including access to all data, configuration, and administrative functions at the superadministrator privilege level. This results in complete loss of confidentiality, integrity, and availability of the system.
Silverpeas should be immediately updated to version 6.3.5 or later. Patches and release tags are available in the project's GitHub repository (https://github.com/Silverpeas/Silverpeas-Core/tags). Until the update is applied, it is recommended to restrict network access to the Silverpeas instance only to trusted IP addresses at the firewall level.
Silverpeas in versions before 6.3.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSilverpeas
APPSilverpeas< 6.3.5
Related vulnerabilities
Silverpeas – pomijanie wymagań złożoności hasła przy jego zmianie
Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be tr...
SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via t...
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to ex...
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID paramete...