Exploit for Gitlab 14.9 Authentication Bypass CVE-2022-1162

Name: Exploit for Gitlab 14.9 Authentication Bypass CVE-2022-1162
Rating: 5 (157 reviews)

2022-04-26 | CVSS 7.5

## https://sploitus.com/exploit?id=PACKETSTORM:166828
# Exploit Title: Gitlab 14.9 - Authentication Bypass  
# Date: 12/04/2022  
# Exploit Authors: Greenwolf & stacksmashing  
# Vendor Homepage: https://about.gitlab.com/  
# Software Link: https://about.gitlab.com/install  
# Version: GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2  
# Tested on: Linux  
# CVE : CVE-2022-1162  
# References: https://github.com/Greenwolf/CVE-2022-1162  
  
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts.  
  
Exploit:  
  
New Gitlab Accounts (created since the first affect version and if Gitlab is before the patched version) can be logged into with the following password:  
  
123qweQWE!@#000000000