CRITICAL🇵🇱 Wersja polska

CVE-2025-6216

CVSS 9.8v3.0pub. 2025-06-21upd. 2025-08-18

Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon a predictable value when generating a password reset token. An attacker can leverage this vulnerability to bypass authentication on the application. Was ZDI-CAN-27104.

🤖 AI Analysis
How it works

The flaw lies in the calculateTokenExpDate function responsible for generating password reset tokens. The application relies on a predictable value when creating the token, which means an attacker is able to guess or calculate the correct token in advance. By using the generated token, an attacker can bypass the authentication mechanism and obtain unauthorized access to the application. No user interaction or prior authentication is required to conduct the attack.

Impact

An attacker can completely bypass authentication in the Allegra application, which consequently threatens complete account takeover — including administrative accounts — and compromises the confidentiality, integrity, and availability of data processed by the system.

Mitigation & patch

Allegra should be updated to version 8.1.4 or 7.5.2, in which the vendor has provided a patch according to the published release notes. Detailed information is available at: https://alltena.com/en/resources/release-notes/release-notes-for-release-8-1-4-and-release-7-5-2

Who is affected

Alltena Allegra installations in versions prior to 8.1.4 and prior to 7.5.2, according to the vendor's information contained in the references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Alltena Allegra

    APP
    Alltena
    7.0.0 – 7.5.2.70 (bez)8.0.0 – 8.1.24 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2023-51639CRITICAL9.8PL ✓ten sam produkt

Allegra: path traversal w downloadExportedChart umożliwia ominięcie uwierzytelnienia

CVE-2023-51638CRITICAL9.8PL ✓ten sam produkt

Allegra: pominięcie uwierzytelnienia przez zakodowane hasło w bazie danych

CVE-2025-3485HIGH8.8ten sam produkt

Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows ...

CVE-2025-3486HIGH8.8ten sam produkt

Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows re...

CVE-2023-51644HIGH7.3ten sam produkt

Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allow...