Paperclip Authentication Bypass Chain Leading to Unauthenticated RCE
Paperclip instances with default configuration allow unauthenticated account creation, authentication bypass, and privilege escalation to RCE through a six-step API chain. This affects all publicly accessible deployments running in authenticated mode without explicit hardening.
Affected
Vulnerability Analysis
Root Cause & Classification: This is a multi-stage authentication and authorization bypass vulnerability chain combining four independent flaws: (1) insecure default configuration enabling open sign-up without invite controls, (2) email verification disabled by hardcoded flag rather than configuration, (3) insufficient role-based access control on sensitive endpoints, and (4) unsafe import/execution functionality accessible to low-privilege users. The vulnerability class spans CWE-1188 (insecure defaults), CWE-287 (improper authentication), and CWE-434 (unrestricted upload of dangerous file types).
PoC Significance: The disclosed attack chain proves that operators deploying Paperclip with assumed-secure "authenticated mode" defaults are actually exposing RCE to any network-connected attacker without credentials, user interaction, or social engineering. The six-API-call proof demonstrates high reliability and reproducibility. Preconditions are minimal: (1) network access to the instance, (2) default PAPERCLIP_AUTH_DISABLE_SIGN_UP=false, (3) email verification not explicitly enabled, (4) import/execution endpoints not behind additional auth layers.
Detection Guidance: Monitor these indicators: (1) /api/auth/sign-up/email POST requests from external IPs with successful 200-201 responses, especially if followed by immediate login attempts; (2) New user accounts created without corresponding invitation tokens in audit logs; (3) Rapid account creation→login→privilege escalation sequences within seconds; (4) Access to sensitive import/execution endpoints (/api/*/import, /api/*/execute) immediately after account creation; (5) HTTP 201/200 responses on file upload endpoints from newly created low-privilege accounts; (6) Unusual process spawning or shell execution logged by the Paperclip service process.
Mitigation Steps: (1) Immediate: Set PAPERCLIP_AUTH_DISABLE_SIGN_UP=true in all production deployments unless open registration is explicitly required; (2) Deploy network segmentation—restrict Paperclip to internal networks or behind authentication proxies; (3) Review and enforce role-based access control (RBAC) on all import/execution endpoints to require admin-level privileges; (4) Enable email verification by modifying better-auth.ts configuration or patching the hardcoded requireEmailVerification: false flag; (5) Implement rate limiting on /api/auth/sign-up/* endpoints; (6) Add webhook/alerting for account creation events outside expected patterns; (7) Monitor service logs for unexpected process execution; (8) Update to the next patched version immediately when available.
Risk Assessment: Likelihood of wild exploitation: VERY HIGH. This vulnerability requires no authentication, no user interaction, and is trivial to automate. Security researchers, opportunistic attackers, and advanced persistent threat (APT) groups actively scan for exposed Paperclip instances. The chain is documented in public advisories. Any organization deploying Paperclip on internet-facing networks with default configuration should assume compromise is likely. Threat actor interest will be immediate and sustained given the RCE impact and low barrier to entry. This represents critical infrastructure risk for any data stored in or processed by Paperclip instances.
Sources