CVE-2026-54588
poweradmin · poweradmin
Poweradmin fails to validate the HTTP_HOST header, allowing unauthenticated attackers to poison redirect URIs and hijack user authentication tokens, leading to full account takeover.
Executive summary
An authentication bypass vulnerability in poweradmin allows unauthenticated attackers to hijack OIDC/SAML sessions and perform full account takeovers.
Vulnerability
The application improperly trusts the HTTP_HOST request header when constructing callback URLs for OIDC and SAML flows. Because the redirect URI handed to the identity provider is built from a value the client controls, an unauthenticated attacker can manipulate the authentication handshake so that the provider delivers sensitive authorization codes to a host of the attacker's choosing.
Business impact
This vulnerability carries a CVSS score of 9.6, reflecting the ease of exploitation and the severity of the impact. Successful exploitation results in complete administrative account takeover, granting attackers full control over DNS administration and the ability to redirect traffic, exfiltrate sensitive data, or disable security services.
Remediation
Immediate Action: Upgrade poweradmin to version 4.2.4, 4.3.3, or the latest available release to incorporate proper validation of redirect URIs.
Proactive Monitoring: Review authentication logs for unusual redirect patterns or attempts to access the application from unauthorized hosts.
Compensating Controls: Implement strict URL filtering on WAFs to ensure that redirect_uri parameters in OIDC/SAML flows match expected, hardcoded domains.
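The pattern behind the flaw, and the two defensive checks the remediation section describes, can be shown in a few lines. The following is an added illustration written for this advisory, not Poweradmin's own code; the hostname dns-admin.example.test, the CANONICAL_BASE_URL and ALLOWED_HOSTS settings, the callback paths and the sample request headers are all constructed for the example. build_callback_url_insecure copies the Host header into the callback URL (the vulnerable pattern); build_callback_url takes the origin from configuration and only consults Host to reject unexpected values; redirect_uri_allowed is the kind of exact-origin match a WAF or reverse proxy rule would apply to redirect_uri parameters as a compensating control.

```python
from urllib.parse import urlsplit

# Constructed configuration for this example. The canonical origin is operator
# configuration, never derived from a request header.
CANONICAL_BASE_URL = "https://dns-admin.example.test"
ALLOWED_HOSTS = {"dns-admin.example.test"}


def _host_without_port(host_header: str) -> str:
    """Normalize a Host header value: lowercase, strip port and trailing dot.
    IPv6 literals such as '[::1]:443' keep their brackets."""
    h = host_header.strip().lower()
    if h.startswith("["):
        end = h.find("]")
        return h[: end + 1] if end != -1 else h
    return h.split(":", 1)[0].rstrip(".")


def host_header_trusted(headers: dict) -> bool:
    """True only if the request's Host header names a configured hostname."""
    return _host_without_port(headers.get("Host", "")) in ALLOWED_HOSTS


def build_callback_url_insecure(headers: dict, path: str) -> str:
    """Vulnerable pattern: the callback URL is assembled from whatever Host the
    client sent, so the identity provider would return the authorization code
    to that host."""
    return f"https://{headers.get('Host', '')}{path}"


def build_callback_url(headers: dict, path: str) -> str:
    """Hardened pattern: reject unexpected Host values and build the callback
    URL from configuration instead of from the request."""
    if not host_header_trusted(headers):
        raise ValueError(f"untrusted Host header: {headers.get('Host')!r}")
    return CANONICAL_BASE_URL.rstrip("/") + path


def redirect_uri_allowed(redirect_uri: str) -> bool:
    """Compensating control for a proxy/WAF layer: accept a redirect_uri only
    if its scheme, host and port match the canonical origin exactly. Userinfo
    tricks ('https://good@evil/...') and suffix look-alikes fail the check."""
    expected = urlsplit(CANONICAL_BASE_URL)
    try:
        got = urlsplit(redirect_uri)
        return (
            got.scheme == expected.scheme
            and got.hostname is not None
            and got.hostname == expected.hostname
            and got.port == expected.port
        )
    except ValueError:  # e.g. a malformed or out-of-range port
        return False


if __name__ == "__main__":
    # Constructed sample requests: one from the real host, one with a forged Host.
    legit = {"Host": "DNS-Admin.example.test:443"}
    forged = {"Host": "attacker.example"}
    print(build_callback_url_insecure(forged, "/oidc/callback"))  # callback now points at the forged host
    print(build_callback_url(legit, "/oidc/callback"))
    print(host_header_trusted(forged))
    print(redirect_uri_allowed("https://dns-admin.example.test@attacker.example/oidc/callback"))
```

The important design choice is that the hardened builder never copies the Host value into the URL even after it passes the allowlist; the configured origin is the only source. The redirect_uri check compares parsed components rather than doing a string prefix match, which is what lets it reject the userinfo and look-alike-domain forms that a naive "starts with https://dns-admin.example.test" rule would accept.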
Exploitation status
Public Exploit Available: No
Analyst recommendation
The severity of this flaw necessitates an immediate upgrade. Administrators must prioritize patching this vulnerability to prevent credential theft and unauthorized access to critical DNS management infrastructure.