Type: CSRF (Add Admin)
Vulnerable Version: 1.2.0
Fixed Version: 1.2.1
ArcticDesk is a lightweight support help desk solution. It lets you manage tickets, emails, announcements, articles, downloads and more, all in one place.
A CSRF (Cross Site Request Forgery) exists in the default settings of ArcticDesk that would allow an attacker to create a new administrator account should a legitimate administrator view a website containing the malicious code. (Due to XSS conditions within ArcticDesk, an attacker would also be able to submit a ticket containing malicious code in the subject field; should the administrator simply view the ticket list, the CSRF attack will be executed.)
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We rate this vulnerability HIGH because a malicious user would be able to obtain administrative access.
This vulnerability was tested against ArcticDesk v1.2.0.
This vulnerability was patched in ArcticDesk v1.2.1.
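The following is an added example of the server-side defence that closes both delivery paths described above; it is not ArcticDesk code and does not reflect the vendor's 1.2.1 fix. The request is modelled as a plain dict, the origin `https://helpdesk.example.com` and the form field names are assumed placeholders, and the add-admin handler is hypothetical.

```python
import hmac
import html
import secrets
from urllib.parse import urlparse

# Assumed deployment origin of the help desk (placeholder, not from the advisory).
ALLOWED_ORIGINS = {"https://helpdesk.example.com"}


def issue_csrf_token(session):
    """Create or reuse a per-session synchronizer token; embed it as a hidden
    field in every state-changing admin form (such as "add administrator")."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def csrf_check(session, request):
    """Return (ok, reason) for a request modelled as a dict with keys
    'method', 'headers' and 'form'. A request forged from another site lacks
    the session token and carries a foreign Origin, so either check stops it."""
    if request.get("method") != "POST":
        return False, "state change must use POST"
    expected = session.get("csrf_token", "")
    submitted = request.get("form", {}).get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False, "missing or invalid CSRF token"
    headers = request.get("headers", {})
    origin = headers.get("Origin")
    if origin is None and headers.get("Referer"):
        parts = urlparse(headers["Referer"])
        origin = f"{parts.scheme}://{parts.netloc}"
    if origin not in ALLOWED_ORIGINS:
        return False, "request origin not allowed"
    return True, "ok"


def add_admin(session, request, admins):
    """Hypothetical add-administrator handler: only a request that passes
    csrf_check may append a username to the admin list."""
    ok, _reason = csrf_check(session, request)
    if ok:
        admins.append(request["form"]["username"])
    return ok


def render_subject(subject):
    """Escape a ticket subject before it is placed in the ticket list. Script
    running inside the application's own origin can read the CSRF token, so
    the in-app (stored XSS) delivery path is closed by output encoding."""
    return html.escape(subject, quote=True)
```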
Vendor Contact Timeline:
2013-05-02: Vendor contacted via email.
2013-05-02: Vendor confirms vulnerability.
2013-06-25: Vendor issues 1.2.1 update.
2013-07-24: Rack911 issues security advisory.