Horizon Alert
Summary of the vulnerability and why it matters
A critical vulnerability has been identified in V2Board and Xboard software, which are used for managing VPN and proxy services. The issue allows unauthenticated attackers to gain complete account access, including administrative privileges, by exploiting a flaw in the "login with mail link" feature. This feature inadvertently exposes authentication tokens in the system's response to login requests, enabling attackers to impersonate legitimate users.
- Unauthenticated attackers can take over accounts.
- This affects user management and sensitive data.
- Confirm if these systems are in use.
Attack Path
How an attacker could exploit the issue
An attacker can exploit this vulnerability by sending a request to the `loginWithMailLink` endpoint. If the `login_with_mail_link_enable` feature is active, the system will respond with authentication tokens, even without any prior authentication. The attacker can then use these tokens at the `token2Login` endpoint to gain full account access, including administrative privileges.
- No authentication is required.
- Requesting the login with mail link endpoint.
- Complete account takeover, including admin access.
Live Threat
Current exploitation, exposure, and threat context
When the `login_with_mail_link_enable` feature is active, an unauthenticated attacker can obtain a valid bearer token with complete account access, including administrative privileges, by interacting with the `loginWithMailLink` and `token2Login` endpoints.
- User and admin account access.
- Predictable emails, then token exchange.
- Full account takeover, including admin.
Operational Fix
Recommended remediation, mitigation, and detection steps
The critical authentication token exposure vulnerability impacts V2Board and Xboard deployments, likely managed by application owners or dedicated platform teams responsible for these web services. The first practical step is to identify all instances of the affected technology, confirm their accessibility from the internet, and assess business criticality to prioritize remediation efforts.
- Application owners should manage the issue.
- Verify external reachability of the service.
- Plan remediation based on assessed risk.