Carinal Tien Hospital Health Report System - Authorization Bypass Through User-Controlled Key
Description
Carinal Tien Hospital Health Report System’s login page has improper authentication. A remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentication. The attacker can then perform limited operations on the system or modify data, making the service partially unavailable to the user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Carinal Tien Hospital Health Report System's login page allows remote attackers to bypass authentication and assume another user's privilege by modifying a cookie parameter.
Vulnerability
The Carinal Tien Hospital Health Report System (version unknown, as the vendor did not disclose the affected version [1]) contains an improper authentication vulnerability on its login page. The system does not adequately validate the user's identity; a remote attacker can modify a cookie parameter (likely a user identifier) to impersonate any other general user without needing to authenticate [1].
Exploitation
An attacker with network access to the login page can exploit this by simply changing the value of a cookie parameter (e.g., a user ID) in an HTTP request to the server [1]. No authentication or prior access is required, and no user interaction is needed. The attacker only needs to know or guess another user's identifier (possibly sequential or predictable) [1].
Impact
Successful exploitation allows the attacker to assume the privileges of the targeted user [1]. The attacker can then perform limited operations on the system or modify data, which may cause the legitimate user to become unable to use some services [1]. The impact touches confidentiality (unauthorized access to user-specific data), integrity (unauthorized data modification), and availability (partial denial of service for the affected user) [1].
Mitigation
The hospital has updated the system to fix the vulnerability [1]. No further details about the fix or affected versions have been disclosed [1].
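The weakness class described above, identity read from a client-editable cookie, is closed by making the server the only party that can mint a valid identifier. The sketch below is an added illustration, not the hospital's code or its undisclosed fix; the cookie names `uid` and `session`, the `id.tag` format and the sample ids are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed per-process secret; a real deployment loads it from a secret store.
SERVER_KEY = secrets.token_bytes(32)


def vulnerable_current_user(cookies):
    """Weak pattern: the identifier sent by the client is believed as-is."""
    return cookies.get("uid")  # hypothetical cookie name


def issue_cookie(user_id, key=SERVER_KEY):
    """Called only after a successful login: bind the id to a server-side MAC."""
    tag = hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()
    return f"{user_id}.{tag}"


def hardened_current_user(cookies, key=SERVER_KEY):
    """Return the user id only if its MAC verifies; otherwise None."""
    value = cookies.get("session", "")  # hypothetical cookie name
    user_id, sep, tag = value.rpartition(".")
    if not sep or not user_id:
        return None  # missing or malformed cookie
    expected = hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return user_id


def demo():
    """Run both handlers over constructed cookies and return what each accepts."""
    legit = {"session": issue_cookie("1001")}
    # Constructed tampering case: id changed, tag from the legitimate cookie kept.
    edited = {"session": "1002." + legit["session"].rpartition(".")[2]}
    return {
        "vulnerable_edited": vulnerable_current_user({"uid": "1002"}),
        "hardened_legit": hardened_current_user(legit),
        "hardened_edited": hardened_current_user(edited),
    }


if __name__ == "__main__":
    print(demo())
```

A signed identifier still needs an expiry and a way to revoke it; an opaque random session ID resolved against server-side state achieves the same binding.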
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Carinal Tien Hospital/Health Report System (v5), Range: 0
Patches
No patches discovered yet.
References
[1] www.twcert.org.tw/tw/cp-132-5429-4185b-1.html (mitre, x_refsource_MISC)