CSAL#51

Security Notification # CSAL51			Advisory Title: OTP Bypass Possible
Document ID:	TAS/PRD/GEN/SN-CSAL#51	Document Name:	Security Notification # CSAL51	Doc. Rev.:	0

Publication Date	15-Jan-24	Incident Source	CSAL51	CVE / Vulnerability Reference	OWASP(A2)
Last Update	06-Feb-24	Reported By	Valency Networks Testing Agency	Advisory ID#	Posting Not Started Yet
Current Version	WP500 FW 0.6.6	CVSS Score	9.5

Vulnerability Description		The report identifies a critical vulnerability in the One-Time Password (OTP) authentication mechanism used by our system. Specifically, the OTP validation process is executed on the client side rather than the server side. This flaw allows an attacker to bypass the OTP requirement by capturing a successful OTP response and then injecting it into a failure response scenario, enabling unauthorized access with a false or reused OTP. This vulnerability poses a significant risk to the integrity and security of our system, potentially compromising user accounts and sensitive data....
Impact		The vulnerability was discovered during a routine security assessment by Valency Networks Testing. It involves the manipulation of the OTP validation mechanism, where the client-side application validates the OTP. Attackers can intercept the network traffic to capture a successful OTP validation response. This captured response can then be injected into the session of an OTP validation attempt that would otherwise fail due to an incorrect OTP. As a result, the system erroneously grants access based on the client-side validation, ignoring the critical step of server-side verification.
Affected products		WP500 Firmware 0.65 Version
Temporary Fix / Mitigation		Please update to WebApp Version 2.0 to Solve this Problem.
Acknowledgment		Valency Networks , Pune
History		NA
Classification of Vulnerability		Authentication and Authorization.