CVE-2021-42949: 
Linux Debian vulnerability analysis and mitigation

The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks. This vulnerability was discovered in 2021 and assigned CVE-2021-42949, with a CVSS v3.1 base score of 9.8 (CRITICAL). The vulnerability affects HotelDruid version 3.0.3 and earlier versions (NVD, GitHub Advisory).

The vulnerability stems from the predictable pattern used in session token generation. The session ID is dynamically created at each login using a pattern that combines {date}{time}{100000-999999}{incremented login attempts}. While the session ID is correlated with stored data (remote_addr and user-agent) for partial mitigation, these additional security measures can be bypassed. The user agent can be guessed or known, and the remote_addr check can be circumvented by using the same computer as the vulnerable session or becomes irrelevant if the webapp is behind a reverse proxy (GitHub Advisory).

An attacker can potentially bypass authentication and gain unauthorized access to the HotelDruid management interface by identifying and bruteforcing valid session IDs. This could lead to complete system compromise given the critical nature of the hotel management software and its access to sensitive information (NVD).

The vulnerability has been fixed in versions after 3.0.3. Hotel Druid administrators are advised to update their software to the latest patched version. As of November 2024, the latest available version is 3.0.7 (HotelDruid Website).