
Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)

Severity: Medium
Published: Tue May 06 2025 (05/06/2025, 00:00:00 UTC)
Source: Exploit-DB RSS Feed

AI-Powered Analysis

Last updated: 06/11/2025, 21:12:09 UTC

Technical Analysis

Casdoor version 1.901.0 and earlier contains a Cross-Site Request Forgery (CSRF) vulnerability in the /api/set-password endpoint. This vulnerability allows an attacker to change the password of a user without requiring the victim to re-enter their old password or any additional authentication. The exploit works by tricking an authenticated user into submitting a crafted POST request to the vulnerable endpoint, which changes the password of a specified user account (e.g., the admin account) to a value controlled by the attacker. The provided proof-of-concept exploit demonstrates an HTML form that automatically submits a POST request to /api/set-password with hidden fields specifying the target userOwner, userName, and newPassword. Because the endpoint does not verify the origin or implement anti-CSRF tokens, the attack can be executed silently if the victim is logged into the Casdoor web application at the time of the attack. This vulnerability compromises the integrity and confidentiality of user accounts by allowing unauthorized password resets, potentially leading to full account takeover. Casdoor is an open-source identity and access management platform, often deployed in web environments to manage authentication and authorization. The lack of a patch link or CVE indicates that this vulnerability may be newly disclosed and unpatched at the time of reporting. The exploit code is provided as plain text HTML and JavaScript, which can be easily embedded in malicious web pages or phishing emails to target logged-in users. Overall, this CSRF vulnerability poses a significant risk to the security of Casdoor deployments, especially those exposed to untrusted networks or users.

Potential Impact

For European organizations using Casdoor 1.901.0 or earlier, this vulnerability can lead to unauthorized account takeovers, including administrative accounts, resulting in loss of control over identity management systems. This can cascade into broader security breaches, such as unauthorized access to sensitive applications, data exfiltration, and disruption of authentication services. Since Casdoor manages authentication and authorization, compromise of its accounts undermines the integrity of access controls across the organization. The attack requires the victim to be logged in and visit a malicious page, so social engineering or phishing campaigns could be used to trigger the exploit. The impact is particularly severe for organizations with critical infrastructure or sensitive data protected by Casdoor, as attackers could gain persistent access or create backdoor accounts. Additionally, the lack of existing patches means organizations are exposed until they implement mitigations or upgrade. Given the web-based nature of Casdoor, organizations with internet-facing deployments or those allowing remote access are at higher risk. The vulnerability could also affect supply chain security if Casdoor is used in third-party services or SaaS platforms serving European customers.

Mitigation Recommendations

1. Immediately upgrade Casdoor to a version that includes a fix for this CSRF vulnerability once available. Monitor the official Casdoor repository and security advisories for patches.
2. Implement Web Application Firewall (WAF) rules to detect and block suspicious POST requests to /api/set-password that do not originate from legitimate sources or lack proper CSRF tokens.
3. Enforce strict SameSite cookie attributes (e.g., SameSite=Strict or Lax) on authentication cookies to reduce the risk of CSRF attacks via cross-site requests.
4. Deploy Content Security Policy (CSP) headers to restrict the domains that can execute scripts or submit forms, limiting the attack surface for malicious payloads.
5. Conduct user awareness training to reduce the likelihood of users visiting malicious links or phishing pages that could trigger CSRF attacks.
6. If immediate patching is not possible, consider temporarily disabling or restricting access to the /api/set-password endpoint, or requiring additional authentication factors for password changes.
7. Implement server-side CSRF protections such as anti-CSRF tokens or verification of the Origin and Referer headers on sensitive endpoints.
8. Monitor logs for unusual password change activity, especially for privileged accounts, and establish alerting for suspicious behavior.
9. Review and harden overall identity and access management policies to limit the impact of compromised accounts, including enforcing multi-factor authentication (MFA) where possible.
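One server-side form of recommendations 3 and 7, written here as an added example in Go (Casdoor's implementation language) and not taken from the Casdoor code base: an Origin/Referer check in front of /api/set-password, plus a SameSite session cookie so browsers omit it on cross-site POSTs. The origin https://casdoor.example.com, the cookie name and the stand-in handler body are assumed placeholders.

```go
package main

import (
	"net/http"
	"net/url"
	"strings"
)

// allowedOrigins holds the origin(s) Casdoor is served from. The hostname
// is an assumed placeholder; set it to the real deployment origin.
var allowedOrigins = map[string]bool{
	"https://casdoor.example.com": true,
}

// requestAllowed returns true for safe methods and for state-changing
// requests whose Origin (or, as fallback, Referer) is an allowed origin.
// A POST with neither header is rejected: fail closed rather than open.
func requestAllowed(r *http.Request) bool {
	switch r.Method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return true
	}
	origin := r.Header.Get("Origin")
	if origin == "" {
		if ref, err := url.Parse(r.Header.Get("Referer")); err == nil && ref.Host != "" {
			origin = ref.Scheme + "://" + ref.Host
		}
	}
	return allowedOrigins[strings.ToLower(origin)]
}

// sameOriginGuard wraps a handler so that cross-site POSTs never reach it.
func sameOriginGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !requestAllowed(r) {
			http.Error(w, "cross-site request rejected", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newMux guards the password endpoint with a stand-in handler (not Casdoor's)
// and issues the session cookie with SameSite=Lax, Secure and HttpOnly set.
func newMux() http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/api/set-password", sameOriginGuard(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("password updated")) // placeholder for the real password change
	})))
	mux.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
		http.SetCookie(w, &http.Cookie{Name: "session", Value: "placeholder", Path: "/",
			HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
	})
	return mux
}

func main() { http.ListenAndServe(":8080", newMux()) }
```

The Origin check alone stops a forged form post from another site; the SameSite cookie is the second, independent layer for clients that send no Origin at all.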


Technical Details

EDB-ID: 52281
Has Exploit Code: true
Code Language: text

Exploit Source Code

# Exploit Title: Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)
# Application: Casdoor
# Version: 1.901.0
# Date: 03/07/2024
# Exploit Author: Van Lam Nguyen
# Vendor Homepage: https://casdoor.org/
# Software Link: https://github.com/casdoor/casdoor/archive/refs/tags/v1.901.0.zip
# Tested on: Windows
# CVE : N/A

Overview
==================================================
Casdoor v1.901.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-passw
... (878 more characters)

Threat ID: 68489e217e6d765d51d53fb3

Added to database: 6/10/2025, 9:05:37 PM

Last enriched: 6/11/2025, 9:12:09 PM

Last updated: 8/8/2025, 12:22:52 PM
