Exploit for Simple Single Sign On <= 4.1.0 - Authentication Bypass CVE-2022-2083

Name: Exploit for Simple Single Sign On <= 4.1.0 - Authentication Bypass CVE-2022-2083
Rating: 5 (123 reviews)

2022-08-09 | CVSS 2.0

## https://sploitus.com/exploit?id=WPEX-ID:2BBFC855-6901-462F-8A93-120D7FB5D268
When we click the "Single Sign On" button, the plugin redirects us to the OAuth server to authenticate ourselves if we are not logged in.

The button invokes the following URL:
https://lana.solutions/vdb/oauth-client/?auth=sso

The client plugin redirects us to the following URL:
https://lana.solutions/vdb/oauth-server/?oauth=authorize&response_type=code&client_id=A7h8AfabvPH462WLGbcD6Ljb8IOE2tR9uDJva2TW&client_secret=ufMq5A63dGKOxW335SXyQKCNcumxZ2ZILnFk1Mil&redirect_uri=https%3A%2F%2Flana.solutions%2Fvdb%2Foauth-client%2F%3Fauth%3Dsso&state=https%3A%2F%2Flana.solutions%2Fvdb%2Foauth-client

The URL contains the "client_secret" code that can be used to request an access token with client credentials grant type authentication.

Exploit script: https://gist.github.com/lana-codes/7659650c13b38b66b43748809b0c3269