This content originally appeared on DEV Community and was authored by Sharon
> About Author
Hi, I’m Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
Seeyon OA is a widely used enterprise Office Automation (OA) platform that helps organizations streamline daily tasks and workflow management.
Recently, Seeyon released a new patch addressing a critical front-end vulnerability that allows attackers to reset any user’s password without authentication.
Chaitin Tech’s emergency response team analyzed the issue and confirmed that many internet-facing Seeyon OA systems remain unpatched and exploitable. To help defenders, they have released a harmless X-POC remote scanner and a CloudWalker local detection tool that are publicly available.
Vulnerability Description
A password reset API in Seeyon OA can be accessed without authentication.
By sending a crafted request, attackers can change the password of any user account — including privileged admin accounts.
This gives attackers a direct path to hijack corporate OA systems.
Detection Tools
X-POC Remote Detection
Command:
./xpoc -r 406 -t http://xpoc.org
CloudWalker Local Detection
Command:
seeyon_oa_resetpass_ct_868971_scanner_windows_amd64.exe
Affected Versions
- V5/G6
- V8.1 SP2
- V8.2
Solutions
Temporary Mitigation
Apply network ACLs to restrict access — e.g., only allow trusted IP ranges to reach Seeyon OA systems.
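An added example (not from the original advisory, Seeyon, or Chaitin): before enforcing the ACL, this script checks web access-log lines against the planned allowlist and reports which source IPs currently reach the OA server from outside it. The trusted ranges, the common-log-format layout and the log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: ranges the ACL will allow (constructed documentation addresses).
TRUSTED_RANGES = ["10.20.0.0/16", "192.0.2.0/28", "2001:db8:10::/48"]

# Constructed access-log lines in common log format (not from a real system).
SAMPLE_LOG = """\
10.20.4.17 - - [07/Sep/2023:09:12:01 +0800] "GET /placeholder/a HTTP/1.1" 200 5120
203.0.113.45 - - [07/Sep/2023:09:12:07 +0800] "POST /placeholder/b HTTP/1.1" 200 87
192.0.2.9 - - [07/Sep/2023:09:13:30 +0800] "GET /placeholder/a HTTP/1.1" 200 5120
203.0.113.45 - - [07/Sep/2023:09:13:41 +0800] "GET /placeholder/a HTTP/1.1" 302 0
2001:db8:ffff::5 - - [07/Sep/2023:09:14:02 +0800] "POST /placeholder/c HTTP/1.1" 401 12
not-a-log-line
192.0.2.200 - - [07/Sep/2023:09:15:10 +0800] "GET /placeholder/a HTTP/1.1" 200 5120
"""

# client-ip ident user [timestamp] "request line" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} ')

def load_networks(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]

def is_trusted(addr, networks):
    """True if addr falls inside any allowlisted network of the same IP version."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in networks)

def audit(log_text, cidrs):
    """Return (outside, skipped): request counts per source IP outside the
    allowlist, and the number of lines that could not be parsed."""
    networks = load_networks(cidrs)
    outside, skipped = Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        try:
            if not is_trusted(m.group(1), networks):
                outside[m.group(1)] += 1
        except ValueError:  # first field was not an IP address
            skipped += 1
    return outside, skipped

if __name__ == "__main__":
    outside, skipped = audit(SAMPLE_LOG, TRUSTED_RANGES)
    for ip, hits in outside.most_common():
        print(f"{ip}\t{hits} request(s) from outside the allowlist")
    print(f"{skipped} unparseable line(s)")
```

Sources listed in the output are the clients the ACL would cut off; any that are not legitimate users also mark requests worth reviewing for the period before the patch was applied.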
Official Fix
Seeyon has released an official patch:
Patch Download (Official Site)
Product Support
- Yuntu: Supports fingerprint recognition & POC detection
- Dongjian: Supports custom POC detection
- SafeLine WAF: Virtual patch released, blocks exploitation attempts
- Quanxi: Rule updates released, detects this vulnerability
- CloudWalker: Users on platform 23.05.001+ can download the emergency vulnerability intel pack (EMERVULN-23.09.007) to detect exploitation attempts. Older versions should contact CloudWalker support.
Timeline
- Sept 6 – Seeyon OA published official patch
- Sept 7 – Chaitin Emergency Lab analyzed and reproduced the vulnerability
- Sept 7 – Chaitin Security Response Center released advisory