Presenton
Monthly
Authentication bypass in Presenton's bundled MCP server exposes server and Docker deployments to unauthenticated remote exploitation via the unprotected /mcp endpoint. When operators configure session authentication using AUTH_USERNAME/AUTH_PASSWORD, nginx enforces access control on all paths except /mcp, which is absent from the auth_request gate - and the MCP server compounds this by auto-minting valid internal session tokens for the configured user on any incoming request. An unauthenticated remote attacker can therefore invoke MCP tools such as generate_presentation as if fully authenticated, consuming the operator's LLM API keys and writing arbitrary presentations to the instance. A publicly available proof-of-concept exists; no active exploitation confirmed in CISA KEV.
Authentication bypass in Presenton's bundled MCP server exposes server and Docker deployments to unauthenticated remote exploitation via the unprotected /mcp endpoint. When operators configure session authentication using AUTH_USERNAME/AUTH_PASSWORD, nginx enforces access control on all paths except /mcp, which is absent from the auth_request gate - and the MCP server compounds this by auto-minting valid internal session tokens for the configured user on any incoming request. An unauthenticated remote attacker can therefore invoke MCP tools such as generate_presentation as if fully authenticated, consuming the operator's LLM API keys and writing arbitrary presentations to the instance. A publicly available proof-of-concept exists; no active exploitation confirmed in CISA KEV.