VYPR
Medium severity 5.3 · NVD Advisory · Published Mar 6, 2026 · Updated Apr 15, 2026

CVE-2018-25177

Description

Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dca_resetpw.php with parameters updateuser, pass, pass2, and submit_reset to change the admin account password and gain administrative access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Data Center Audit 2.6.2 has a CSRF vulnerability allowing unauthenticated attackers to reset the administrator password via crafted POST requests.

Data Center Audit 2.6.2 suffers from a cross-site request forgery (CSRF) vulnerability in the password reset functionality. The dca_resetpw.php endpoint accepts POST requests with parameters updateuser, pass, pass2, and submit_reset without any anti-CSRF token or session validation, enabling an attacker to forge requests that modify the administrator password [1].

Exploitation requires no prior authentication, as the endpoint does not verify the current password or require the victim to be logged in. An attacker can either directly submit a crafted POST request to dca_resetpw.php or embed a malicious form on a third-party site to trick an authenticated admin into submitting it. The proof-of-concept provided by an exploit researcher demonstrates changing the admin password to an arbitrary value via a simple HTTP POST [1].

Successful exploitation grants the attacker full administrative access to the Data Center Audit web application. This allows them to perform any administrative action, including viewing or modifying audit data, configuring system settings, and potentially gaining further access to the underlying server.

The developer has not released a patched version for this CVE. Users of Data Center Audit 2.6.2 should consider the software end-of-life and migrate to an alternative solution or implement their own CSRF protection by adding tokens and requiring the current password for password changes.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
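The advisory's closing recommendation (an anti-CSRF token plus a check of the current password before a password change) is easy to get subtly wrong, so here is a worked server-side handler that applies both. This is an added illustration written for this page, not Data Center Audit's code and not the contents of dca_resetpw.php; it reuses the field names the advisory lists (updateuser, pass, pass2, submit_reset) and assumes two additional fields, csrf_token and current_pass, along with an in-memory user store and session store constructed for the example.

```python
"""Hardened password-reset handler (added example, not the product's code).

Mitigations applied, in order of evaluation:
  1. the caller must hold an authenticated session;
  2. the form must echo the session-bound anti-CSRF token;
  3. the caller may only change their own account;
  4. the current password must verify before a new one is accepted.
Field names csrf_token and current_pass are assumptions for this example.
"""
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 100_000  # constructed value for the example; tune for production


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class UserStore:
    """Minimal in-memory user table standing in for the application's database."""

    def __init__(self) -> None:
        self.users: Dict[str, Tuple[bytes, bytes]] = {}

    def add(self, username: str, password: str) -> None:
        self.users[username] = hash_password(password)

    def verify(self, username: str, password: str) -> bool:
        rec = self.users.get(username)
        if rec is None:
            hash_password(password)  # run the KDF anyway so timing does not reveal unknown users
            return False
        salt, stored = rec
        _, candidate = hash_password(password, salt)
        return hmac.compare_digest(stored, candidate)

    def set_password(self, username: str, password: str) -> None:
        self.users[username] = hash_password(password)


def new_session(username: str) -> Dict[str, str]:
    """Login helper: every session carries its own random CSRF token, which
    the application embeds in state-changing forms and expects back."""
    return {"user": username, "csrf_token": secrets.token_urlsafe(32)}


def handle_reset_password(store: UserStore, session: Optional[Dict[str, str]],
                          form: Dict[str, str]) -> str:
    """Process one POST to the reset endpoint; returns a status string."""
    if not session or "user" not in session:
        return "rejected: not authenticated"  # the check the 2.6.2 endpoint lacks
    if "submit_reset" not in form:
        return "rejected: no submit"
    token = form.get("csrf_token", "")
    # compare_digest needs ASCII str on both sides; anything else is rejected up front
    if not token or not token.isascii() or not hmac.compare_digest(token, session["csrf_token"]):
        return "rejected: bad csrf token"  # a form served from another origin cannot know it
    if form.get("updateuser") != session["user"]:
        return "rejected: cannot change another account"
    if not store.verify(session["user"], form.get("current_pass", "")):
        return "rejected: current password wrong"
    new_pw, confirm = form.get("pass", ""), form.get("pass2", "")
    if new_pw != confirm or len(new_pw) < 12:
        return "rejected: new password invalid"
    store.set_password(session["user"], new_pw)
    session["csrf_token"] = secrets.token_urlsafe(32)  # rotate the token after use
    return "ok"


def demo() -> list:
    """Runs three constructed requests against the handler and returns the outcomes."""
    store = UserStore()
    store.add("admin", "old-admin-password!")
    session = new_session("admin")
    base = {"updateuser": "admin", "pass": "new-admin-password!",
            "pass2": "new-admin-password!", "submit_reset": "1"}
    results = [
        # request with the advisory's four fields and no session at all
        handle_reset_password(store, None, dict(base)),
        # same fields riding on a logged-in session but without the token
        handle_reset_password(store, session, dict(base)),
        # legitimate change: token from the session plus the current password
        handle_reset_password(store, session, dict(base, csrf_token=session["csrf_token"],
                                                   current_pass="old-admin-password!")),
    ]
    results.append(store.verify("admin", "new-admin-password!"))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The ordering matters: authentication and the token are checked before any database work, the token comparison is constant-time, and the token is rotated after a successful change so a captured value cannot be replayed. Rejecting `updateuser` values other than the session's own user closes the path the advisory describes, where the target account is named in the request body rather than taken from the session.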

Affected products: 1

Patches: 0 (No patches discovered yet.)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 2

News mentions: 0 (No linked articles in our index yet.)