CVE-2026-10167
Deferred Deferred - Pending Action
Authentication Bypass in BrinaryBrains School System

Publication date: 2026-05-31

Last updated on: 2026-05-31

Assigner: VulDB

Description
A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function sign_auth_cookie of the file application/controllers/Login.php of the component MY_Controller. Executing a manipulation of the argument role can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-31
Last Modified
2026-05-31
Generated
2026-06-20
AI Q&A
2026-05-31
EPSS Evaluated
2026-06-19
NVD
CVE-2026-10167
EUVD
EUVD-2026-33487
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ousl-group school_student_management_system to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability CVE-2026-10167 is an authentication bypass issue in the OUSL-GROUP-BrinaryBrains School Student Management System. It affects the sign_auth_cookie function in the Login.php controller. The flaw arises because the system uses a hardcoded encryption key for HMAC-SHA256 signing of the authentication cookie.

An attacker can exploit this by computing a valid signature offline using the known key "Signetbd" and crafting a forged authentication cookie for any user role (such as admin, teacher, student, or parent) and user ID. When the server processes this forged cookie, it validates the signature and grants access to the corresponding user account without requiring a password.

This allows the attacker to bypass authentication remotely and gain unauthorized access to the system.

Impact Analysis

This vulnerability can lead to a complete system compromise because attackers can impersonate any user, including administrators.

  • Unauthorized access to sensitive data.
  • Ability to modify or delete critical information.
  • Full bypass of authentication mechanisms without needing passwords.
  • Remote exploitation without user interaction.
Detection Guidance

This vulnerability can be detected by monitoring for forged `school_auth` cookies that are signed using the known hardcoded key "Signetbd". Since the attack involves crafting a valid HMAC-SHA256 signature offline, detection involves inspecting authentication cookies for suspicious signatures or unexpected user roles.

Commands to detect this might include capturing HTTP requests and analyzing cookies for the `school_auth` cookie value. For example, using tools like tcpdump or Wireshark to capture traffic, then extracting and verifying the cookie signatures offline.

  • Use tcpdump to capture HTTP traffic: tcpdump -i <interface> -A -s 0 'tcp port 80 or tcp port 443'
  • Extract `school_auth` cookies from captured traffic and analyze their signatures using a script that attempts to verify the HMAC-SHA256 with the known key "Signetbd".
  • Look for cookies granting unexpected roles (admin, teacher, student, parent) without proper authentication.
Mitigation Strategies

Immediate mitigation steps include invalidating all existing `school_auth` cookies and changing the signing mechanism to use a secure, secret key that is not hardcoded or publicly known.

Since the vulnerability allows attackers to forge authentication cookies, it is critical to update the system to use a secure, randomly generated key for HMAC signing and to implement additional authentication checks.

  • Invalidate all current sessions and force users to re-authenticate.
  • Replace the hardcoded key "Signetbd" with a secure, secret key stored safely and not exposed in the code.
  • Implement additional server-side validation for user roles and authentication tokens.
  • Monitor logs for suspicious authentication attempts and forged cookies.
Compliance Impact

This vulnerability allows attackers to bypass authentication and gain unauthorized access to sensitive data by forging valid authentication cookies. Such unauthorized access can lead to exposure, modification, or deletion of personal and sensitive information stored within the system.

As a result, this weakness can negatively impact compliance with common data protection standards and regulations such as GDPR and HIPAA, which require strict controls to protect personal and sensitive data from unauthorized access.

Specifically, the ability for attackers to impersonate administrators and access sensitive user data without authorization violates principles of data confidentiality and integrity mandated by these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10167. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart