Erlang/OTP inets mod_auth Authentication Bypass (CVE-2020-28000) Fix Analysis

Erlang/OTP inets Module Authentication Bypass Vulnerability (CVE-2020-28000) Fix Summary Vulnerability Overview This vulnerability exists in the module of Erlang/OTP, specifically affecting the and modules. A security flaw occurs when (script alias) is configured and combined with (module authentication) for directory-based access control. Core Issue: Authorization rules are evaluated against the alias URL path rather than the actual file system path where the script resides. Consequence: If CGI scripts are mapped outside the DocumentRoot, they may not be properly protected by directory authentication. An attacker can execute CGI scripts located outside the DocumentRoot by accessing the alias URL, thereby bypassing the authentication mechanism. Scope of Impact Affected Modules: module within . Affected Files: Trigger Scenario: When the server is configured with and is enabled for directory authentication. Remediation Plan Commit fixes this vulnerability by modifying the function in both and : 1. mod_auth.erl: Ensures is handled correctly within the function, ensuring authorization rules are evaluated based on the actual file system path. 2. mod_cgi.erl: Adds a check for within the function to ensure configurations are updated correctly when is present, thereby protecting CGI scripts mapped outside the DocumentRoot. 3. Logic Correction**: Ensures the and logic functions correctly to support authentication checks based on the actual path. POC/Testing Code The screenshot includes test code ( ) used to verify the fix, demonstrating how to exploit the vulnerability (or verify the remediation):

Goal Reached Thanks to every supporter — we hit 100%!

Erlang/OTP inets mod_auth Authentication Bypass (CVE-2020-28000) Fix Analysis

More from this source