OpenText Visual COBOL LDAP Auth Bypass (pre Patch 19/20, 8/9, 1)
CVE-2023-4501 Published on September 12, 2023
Authentication bypass in OpenText (Micro Focus) Enterprise Server
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.
Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.
Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.
Vulnerability Analysis
CVE-2023-4501 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Timeline
Reported by customer.
Fix made available. 14 days later.
Security bulletin published. 10 days later.
Weakness Types
What is an authentification Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2023-4501 has been classified to as an authentification vulnerability or weakness.
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Improperly Implemented Security Check for Standard
The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Incorrect Check of Function Return Value
The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions. Important and common functions will return some value about the success of its actions. This will alert the program whether or not to handle any errors caused by that function.
Products Associated with CVE-2023-4501
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-4501 are published in these products:
Affected Versions
OpenText Visual COBOL, COBOL Server, Enterprise Developer, Enterprise Server:- Version 7.0.19 and below 7.0.21 is affected.
- Version 8.0.8 and below 8.0.10 is affected.
- Version 9.0.1 and below 9.0.2 is affected.
- Version 7.0.19 and below 7.0.21 is affected.
- Version 8.0.8 and below 8.0.10 is affected.
- Version 9.0.1 and below 9.0.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.