CVE-2020-7378 PoC — CRIXP OpenCRX Unverified Password Change

Associated Vulnerability
Title: CRIXP OpenCRX Unverified Password Change (CVE-2020-7378)
Description: CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020.
Description
Exploits the password reset vulnerability in OpenCRX, CVE-2020-7378. Also maintains stealth by deleting all the password reset mails created by the script.
Readme
# openCRX-CVE-2020-7378 (Unauthenticated Account Take Over)
Exploits the password reset vulnerability in OpenCRX, CVE-2020-7378.

## A Stealthy Python Implementation for CVE-2020-7378

### The vulnerability exists because the developers used the Random class (java.util.Random) to generate the random tokens used to reset a user's password
### They should instead use the SecureRandom class (java.security.SecureRandom) to generate those tokens

#### Tested on v4.2.0, but should also work for other versions reported in the disclosure report of CVE-2020-7378
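
The difference between the two classes named above, shown as an added Java example (not code from openCRX or from this repository). The class name `ResetTokenDemo`, the alphabet, the token length and the seed value are assumptions made for the illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

public class ResetTokenDemo {
    // Assumed alphabet and length, chosen for this illustration only.
    private static final String ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    private static final int TOKEN_LENGTH = 40;

    // One shared CSPRNG instance; SecureRandom is thread-safe.
    private static final SecureRandom CSPRNG = new SecureRandom();

    // Draws TOKEN_LENGTH characters from whichever generator is passed in.
    // SecureRandom extends Random, so both variants share this code path.
    static String token(Random rng) {
        StringBuilder sb = new StringBuilder(TOKEN_LENGTH);
        for (int i = 0; i < TOKEN_LENGTH; i++) {
            sb.append(ALPHABET.charAt(rng.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    // Weak pattern: java.util.Random is a 48-bit linear congruential
    // generator, so the whole token is a pure function of the seed.
    static String weakToken(long seed) {
        return token(new Random(seed));
    }

    // Hardened pattern: the token comes from the platform CSPRNG and
    // cannot be reproduced from any value outside the generator.
    static String strongToken() {
        return token(CSPRNG);
    }

    public static void main(String[] args) {
        long seed = 1_600_000_000_000L; // constructed sample value
        String w1 = weakToken(seed);
        String w2 = weakToken(seed);
        System.out.println("weak token, run 1:   " + w1);
        System.out.println("weak token, run 2:   " + w2);
        System.out.println("weak tokens equal:   " + w1.equals(w2));

        String s1 = strongToken();
        String s2 = strongToken();
        System.out.println("strong token, run 1: " + s1);
        System.out.println("strong token, run 2: " + s2);
        System.out.println("strong tokens equal: " + s1.equals(s2));
    }
}
```

When reviewing a code base for this class of flaw, any `java.util.Random` (or `Math.random()`) call on a path that produces reset tokens, session identifiers or API keys is the pattern to replace with `SecureRandom`.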
# Usage
`./openCRXreset.py -u <URL> -user <USERNAME> -pass <PASSWORD>`

  ![](https://github.com/ruthvikvegunta/openCRX-CVE-2020-7378/blob/main/images/help.png)

# Features
- Uses the Python rich library to display robust output

  ![](https://github.com/ruthvikvegunta/openCRX-CVE-2020-7378/blob/main/images/inital-run.png)

- Deletes all the temporarily created files locally as part of the script

- Deletes **only the password reset mails** generated by the script in order to maintain stealth 

  ![](https://github.com/ruthvikvegunta/openCRX-CVE-2020-7378/blob/main/images/final.png)
File Snapshot

[4.0K] /data/pocs/71ff4839afe2634e3483bc987440fdf61f5661d3
├── [4.0K] images
│   ├── [206K] final.png
│   ├── [ 89K] help.png
│   └── [126K] inital-run.png
├── [1.0K] LICENSE
├── [8.9K] openCRXreset.py
├── [ 796] openCRXtimeGen.java
└── [1.1K] README.md

1 directory, 7 files