DEV Community

Sharon

Critical Risk: Seeyon OA Arbitrary Password Reset Vulnerability

> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.

Seeyon OA is a widely used enterprise Office Automation (OA) platform that helps organizations streamline daily tasks and workflow management.

Recently, Seeyon released a new patch addressing a critical front-end vulnerability that allows attackers to reset any user’s password without authentication.

Chaitin Tech’s emergency response team analyzed the issue and confirmed that many internet-facing Seeyon OA systems remain unpatched and exploitable. To help defenders, they have released a harmless X-POC remote scanner and a CloudWalker local detection tool that are publicly available.


Vulnerability Description

A password reset API in Seeyon OA can be accessed without authentication.

By sending a crafted request, attackers can change the password of any user account — including privileged admin accounts.

This gives attackers a direct path to hijack corporate OA systems.


Detection Tools

X-POC Remote Detection

Command:

./xpoc -r 406 -t http://xpoc.org

Download:

CloudWalker Local Detection

Command:

seeyon_oa_resetpass_ct_868971_scanner_windows_amd64.exe

Download:


Affected Versions

  • V5/G6
  • V8.1 SP2
  • V8.2

Solutions

Temporary Mitigation

Apply network ACLs to restrict access — e.g., only allow trusted IP ranges to reach Seeyon OA systems.
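To confirm the ACL is actually enforced, the following added example (not code from Chaitin or Seeyon) audits a web access log for requests that still reached the OA server from outside the trusted ranges, and singles out successful state-changing requests for review first. The trusted ranges, log lines and request paths are constructed placeholders; the advisory does not publish the vulnerable endpoint.

```python
import ipaddress
import re
from collections import Counter

# Assumed trusted ranges (office LAN and VPN pool); replace with your own.
TRUSTED_RANGES = ["10.20.0.0/16", "192.168.50.0/24"]

# Constructed access-log lines (common log format). Paths are placeholders,
# not the real Seeyon endpoint, which the advisory does not publish.
SAMPLE_LOG = """\
10.20.4.17 - - [01/Jan/2024:09:12:01 +0000] "GET /placeholder/home HTTP/1.1" 200 5120
203.0.113.45 - - [01/Jan/2024:09:12:09 +0000] "POST /placeholder/reset HTTP/1.1" 200 87
203.0.113.45 - - [01/Jan/2024:09:12:10 +0000] "GET /placeholder/home HTTP/1.1" 302 0
192.168.50.8 - - [01/Jan/2024:09:13:00 +0000] "POST /placeholder/login HTTP/1.1" 200 311
198.51.100.7 - - [01/Jan/2024:09:14:30 +0000] "POST /placeholder/reset HTTP/1.1" 403 0
this line is truncated garbage
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})\b')

def audit(log_text, trusted_ranges):
    """Report requests that reached the application from outside the ACL."""
    nets = [ipaddress.ip_network(r) for r in trusted_ranges]
    outside = Counter()   # source IP -> number of requests from outside
    writes = []           # successful POST/PUT requests from outside
    unparsed = 0          # malformed lines, counted rather than silently dropped
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        src, method, path, status = m.groups()
        try:
            addr = ipaddress.ip_address(src)   # accepts IPv4 and IPv6
        except ValueError:
            unparsed += 1
            continue
        if any(addr in net for net in nets):
            continue                           # allowed by the ACL
        outside[src] += 1
        if method in ("POST", "PUT") and status.startswith("2"):
            writes.append((src, method, path, int(status)))
    return {"outside": dict(outside), "writes": writes, "unparsed": unparsed}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG, TRUSTED_RANGES).items():
        print(key, value)
```

Once the ACL is in place, any entry under `outside` means traffic is bypassing it (for example through a second listener or a proxy that rewrites the source address).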

Official Fix

Seeyon has released an official patch:
🔗 Patch Download (Official Site)


Product Support

  • Yuntu: Supports fingerprint recognition & POC detection
  • Dongjian: Supports custom POC detection
  • SafeLine WAF: Virtual patch released, blocks exploitation attempts
  • Quanxi: Rule updates released, detects this vulnerability
  • CloudWalker: Users on platform 23.05.001+ can download the emergency vulnerability intel pack (EMERVULN-23.09.007) to detect exploitation attempts. Older versions should contact CloudWalker support.

Timeline

  • Sept 6 – Seeyon OA published official patch
  • Sept 7 – Chaitin Emergency Lab analyzed and reproduced the vulnerability
  • Sept 7 – Chaitin Security Response Center released advisory


Join the SafeLine Community

If you continue to experience issues, feel free to contact SafeLine support for further assistance.
