HPE's latest flaw lets attackers bypass authentication without a key—imagine a digital backdoor in your backup system. Can your data stand up to this near-perfect storm?
#hpe
#authenticationbypass
#cybersecurity
#vulnerability
#infosec
FortiOS Authentication Bypass Vulnerability Lets Attackers Take Full Control of Device
https://cybersecuritynews.com/fortios-authentication-bypass-vulnerability/
#Infosec #Security #Cybersecurity #CeptBiro #FortiOS #AuthenticationBypass #Vulnerability #FullControlOfDevice
A critical flaw in server management software now lets hackers bypass key security measures – could this vulnerability leave your servers wide open to attack? Find out how a new discovery is shaking up cybersecurity.
#cve202454085
#bmcsecurity
#servervulnerability
#authenticationbypass
#cybersecurity
ASUS routers with AiCloud can let hackers in with zero authentication—an urgent reminder to update your firmware and lock down your network. Could your router be the next target?
#asusrouters
#authenticationbypass
#networksecurity
#iotsecurity
#cyberthreats
Understanding the CrushFTP Authentication Bypass Vulnerability: A Critical Cybersecurity Threat
#crushftp
#authenticationbypass
#cybersecuritythreat
#cve20252825
#infosec
Understanding the VMware Tools Authentication Bypass Vulnerability
https://thedefendopsdiaries.com/understanding-the-vmware-tools-authentication-bypass-vulnerability/
#vmware
#cybersecurity
#vulnerability
#infosec
#authenticationbypass
GitLab's Critical Vulnerability Fixes: What You Need to Know
https://thedefendopsdiaries.com/gitlabs-critical-vulnerability-fixes-what-you-need-to-know/
#gitlab
#cybersecurity
#vulnerability
#saml
#authenticationbypass
Critical 0-day bug in Fortigate. It is being actively exploited; attackers are taking over VPN access at companies.
The flaw allows a full takeover of the device from the Internet, i.e. obtaining super-admin privileges. The vulnerability is being exploited in real attacks, most likely since around December 2024. It is not known exactly which group is responsible for the attacks. As part of the attacks, operations such as the following are performed: Vulnerable are FortiOS (7.0.0 to 7.0.16) and FortiProxy (7.0.x line...
#WBiegu #0Day #AuthBypass #AuthenticationBypass #Fortigate #VPN
SonicWall Patches Authentication Bypass Vulnerabilities in Firewalls
https://www.securityweek.com/sonicwall-patches-authentication-bypass-vulnerabilities-in-firewalls/
#Infosec #Security #Cybersecurity #CeptBiro #SonicWall #AuthenticationBypass #Vulnerabilities #Firewalls
Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
Date: May 21, 2024
CVE: [[CVE-2024-4985]]
Vulnerability Type: Improper Authentication
CWE: [[CWE-287]]
Sources: Cyber Security News, SecurityWeek, The Hacker News
Issue Summary
A critical vulnerability in GitHub Enterprise Server, identified as CVE-2024-4985, was discovered that allows attackers to bypass authentication. This flaw, found in versions 3.9.14, 3.10.11, 3.11.9, and 3.12.3, permits unauthorized access to repositories and sensitive data by exploiting a weakness in the SAML SSO authentication process.
Technical Key Findings
The vulnerability arises from a logic error in the SAML SSO authentication process, where the server fails to verify the validity of digital signatures on SAML responses properly. Attackers can craft SAML assertions with any certificate, which the server incorrectly accepts, allowing the spoofing of user identities, including admin accounts.
Vulnerable Products
Impact Assessment
Exploitation of this vulnerability could lead to unauthorized access to private repositories, sensitive data, and administrative controls. This can result in data breaches, code tampering, and potential intellectual property theft.
Patches or Workaround
GitHub has released patched versions (3.9.15, 3.10.12, 3.11.10, and 3.12.4) to address this issue. As an interim measure, enabling SAML certificate pinning can mitigate the risk. Additionally, auditing access logs for suspicious activity and rotating credentials is advised.
Tags
#GitHub #CVE20244985 #SAML #AuthenticationBypass #SecurityFlaw #EnterpriseSecurity #DataBreach #PatchUpdate #CyberSecurity
GitLab Security Update: Critical Patches Released
Date: April 24, 2024
CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
Sources: GitLab Security Release
Issue Summary
GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.
Technical Key findings
Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.
Table of security fixes
|Title|Severity|
|---|---|
|GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
|Path Traversal leads to DoS and Restricted File Read|High|
|Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
|Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
|Domain based restrictions bypass using a crafted email address|Medium|
Vulnerable products
Impact assessment
Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.
Patches or workaround
Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.
Tags
#GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease
GitLab Vulnerability to GitHub-Style CDN Flaw Allowing Malware Hosting
Date: April 22, 2024
CVE: Not specifically assigned
Vulnerability Type: Authentication bypass
CWE: [[CWE-22]], [[CWE-427]]
Sources: Bleeping Computer Article, Duo Security Article
Issue Summary
GitLab has been identified as vulnerable to a similar flaw that was found in GitHub, where the platform's "comments" feature can be abused to host malware. This vulnerability allows threat actors to upload malicious files to GitLab's CDN under the guise of legitimate projects, making them appear as if they are part of reputable repositories.
Technical Key findings
The flaw stems from the ability to generate links to uploaded files in the comment section before saving or posting the comment. These files, although potentially never visible in a public comment, receive a CDN URL that remains accessible even if the comment is deleted.
The format followed by such files uploaded to the GitLab CDN is: _https://gitlab.com/{project_group_name}/{repo_name}/uploads/{file_id}/{file_name}_
For videos and images, the files will be stored under the /assets/ path instead.
Vulnerable products
The vulnerability affects all versions of GitLab that include the "comments" feature with file upload capabilities.
Impact assessment
This vulnerability can be exploited to distribute malware by disguising malicious files as legitimate project files, potentially leading to widespread security breaches if these files are executed by unsuspecting users.
Patches or workaround
As of the latest updates, specific patches for this CDN flaw have not been detailed. Users are advised to remain vigilant about files downloaded from repository-related URLs and verify their authenticity.
Tags
#GitLab #CDNFlaw #MalwareDistribution #AuthenticationBypass #SecurityVulnerability
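For triage of download logs, the upload URL format quoted in the post above can be parsed and filtered; this is an added example, not part of the original post or GitLab's code. The function names, the extension list and the sample URLs are constructed assumptions.

```ruby
require "uri"

# Added illustration. The extension list and sample URLs are constructed
# assumptions; tune the list to local policy.
RISKY_EXTENSIONS = %w[.exe .msi .dll .scr .js .vbs .ps1 .bat .zip .7z .iso].freeze

# Split a URL in the format quoted in the post:
#   https://gitlab.com/{group}/{repo}/uploads/{file_id}/{file_name}
# Returns nil when the URL is not a gitlab.com upload link.
def parse_gitlab_upload(url)
  uri = URI.parse(url)
  return nil unless uri.is_a?(URI::HTTPS) && uri.host&.downcase == "gitlab.com"
  segments = uri.path.split("/").reject(&:empty?)
  idx = segments.index("uploads")
  # Need group + repo before "uploads" and exactly id + name after it.
  return nil unless idx && idx >= 2 && segments.size == idx + 3
  { project: segments[0...idx].join("/"),
    file_id: segments[idx + 1],
    file_name: segments[idx + 2] }
rescue URI::InvalidURIError
  nil
end

# Keep only upload links whose file name has an extension worth reviewing.
# The project in the URL says where the file was attached, not who wrote it.
def flag_upload_downloads(urls)
  urls.filter_map do |url|
    hit = parse_gitlab_upload(url)
    next unless hit && RISKY_EXTENSIONS.include?(File.extname(hit[:file_name]).downcase)
    hit.merge(url: url)
  end
end

# Constructed sample of URLs as they might appear in a proxy log.
SAMPLE_URLS = [
  "https://gitlab.com/examplegroup/exampletool/uploads/0123456789abcdef/Setup.EXE",
  "https://gitlab.com/examplegroup/exampletool/uploads/0123456789abcdef/screenshot.png",
  "https://gitlab.com/examplegroup/exampletool/-/releases",
  "https://gitlab.example.net/examplegroup/exampletool/uploads/0123/tool.zip",
].freeze

flag_upload_downloads(SAMPLE_URLS).each { |h| puts "#{h[:project]} -> #{h[:file_name]}" }
```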
"🚨 Urgent TeamCity Vulnerabilities Alert! Patch Now! 🚨"
JetBrains has just patched critical vulnerabilities in TeamCity On-Premises software, tagged CVE-2024-27198 and CVE-2024-27199, with alarming CVSS scores of 9.8 and 7.3. These flaws allow unauthorized access to potentially gain full control over the TeamCity servers. Versions up to 2023.11.3 are affected, urging an immediate update to v2023.11.4. Kudos to Rapid7 for the timely discovery on Feb 20, 2024. Given past abuses by notorious APT groups, securing your systems against such authentication bypasses is crucial to thwart potential supply chain assaults. 🛡️💻
🔗 Source: BleepingComputer
Tags: #JetBrains #TeamCity #CyberSecurity #VulnerabilityAlert #CVE2024-27198 #CVE2024-27199 #Rapid7 #PatchNow #SupplyChainSecurity #AuthenticationBypass #InfoSec
🌍🔐👥
🚨 Mastodon Vulnerability Patched! CVE-2024-25618 🛡️
A security flaw, CVE-2024-25618, was fixed in Mastodon's software to prevent potential account takeovers. This vulnerability allowed attackers to bypass authentication mechanisms via a crafted request, posing a significant risk to the platform's integrity.
It enabled new logins from certain authentication providers (like CAS, SAML, OIDC) to merge with existing local accounts sharing the same email. This could lead to someone taking over your account if the provider allows changing emails or if there are multiple providers set up.
Here's how it works: When someone logs in using an external provider for the first time, Mastodon checks for an existing account with the same email. However, relying only on the email could result in hijacking your Mastodon account if the provider allows changing it. The Mastodon team swiftly deployed a patch, reinforcing the security of user accounts and the broader ecosystem. Remember, keeping software up-to-date is crucial for safeguarding against such vulnerabilities. 🔄🔐
The commit "b31af34c9716338e4a32a62cc812d1ca59e88d15" signifies this update. For further details, check out their advisory.
A big thanks to the discoverers Dominik George and Pingu from Teckids, and the Mastodon team for their rapid response in improving our digital defenses. Stay secure, everyone! ✨🐘
Tags: #CVE2024_25618 #Mastodon #Cybersecurity #PatchUpdate #AccountSecurity #AuthenticationBypass #DigitalDefense #CommunityVigilance 🌍🔒
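The account-merge behaviour described in the post above, as an added example that is not Mastodon's code and not part of the original post: a simplified Ruby model that resolves a first external login by e-mail alone, beside a stricter policy keyed on the provider and its user identifier. The `Directory` class and every method name are hypothetical, and the strict policy is one possible design rather than the actual patch.

```ruby
# Added illustration with hypothetical names; not Mastodon's code, and the
# strict policy below is one possible design, not the actual patch.
Account  = Struct.new(:id, :email)
Identity = Struct.new(:provider, :uid, :account_id)

class Directory
  def initialize
    @accounts, @identities = [], []
  end

  def add_account(email)
    @accounts << Account.new(@accounts.size + 1, email.downcase)
    @accounts.last
  end

  def link(provider, uid, account)
    @identities << Identity.new(provider, uid, account.id)
    account
  end

  def find_linked(provider, uid)
    ident = @identities.find { |i| i.provider == provider && i.uid == uid }
    ident && @accounts.find { |a| a.id == ident.account_id }
  end

  def find_by_email(email)
    @accounts.find { |a| a.email == email.downcase }
  end

  # Behaviour the post describes: an unseen identity is attached to whatever
  # local account already has the e-mail address the provider reports.
  def resolve_by_email(provider, uid, email)
    find_linked(provider, uid) ||
      link(provider, uid, find_by_email(email) || add_account(email))
  end

  # Stricter policy: only a previously linked (provider, uid) pair maps to an
  # account; an e-mail collision is refused instead of merged.
  def resolve_strict(provider, uid, email)
    find_linked(provider, uid) ||
      (find_by_email(email) ? :refused_email_collision : link(provider, uid, add_account(email)))
  end
end

# Constructed scenario: a new provider identity reports alice's e-mail address.
def first_login_outcomes
  dir = Directory.new
  alice = dir.add_account("alice@example.org")
  { strict: dir.resolve_strict("saml", "uid-777", alice.email),
    by_email: dir.resolve_by_email("saml", "uid-777", alice.email).id == alice.id }
end
```

Under the strict policy, an existing local user would attach a provider identity only from an already authenticated session, which is outside this model.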
"Exploiting SharePoint: A Deep Dive into Pre-Auth RCE Chain 🛡️"
In a recent article by Nguyễn Tiến Giang (Jang) on STAR Labs, a meticulous exploration of a SharePoint exploit chain was discussed, which was demonstrated at P2O Vancouver 2023. The exploit chain, dubbed SharePoint Pre-Auth RCE chain, leverages two vulnerabilities: Authentication Bypass and Code Injection, to achieve pre-auth remote code execution (RCE) on a SharePoint server.
The Authentication Bypass allows an unauthenticated attacker to impersonate any SharePoint user by exploiting the JSON Web Tokens (JWTs) validation process. The Code Injection vulnerability, on the other hand, enables a SharePoint user with specific permissions to inject arbitrary code, leading to RCE.
The article provides a deep technical dive into the exploit chain, explaining the process of discovering and crafting the exploit. It's a fascinating read for anyone interested in cybersecurity, especially in understanding the intricacies of exploiting complex systems like SharePoint.
The vulnerabilities are identified as CVE-2023-29357 and CVE-2023-24955, and the article provides a detailed walkthrough of how these vulnerabilities were chained together to achieve RCE on SharePoint 2019 (version 16.0.10396.20000) with March 2023 patch (KB5002358 and KB5002357).
Source: STAR Labs
Tags: #SharePoint #CyberSecurity #ExploitChain #RCE #CVE202329357 #CVE202324955 #AuthenticationBypass #CodeInjection #P2OVancouver2023 🛡️💻🔓
Authentication Bypass - I have just completed this room! Check it out: https://tryhackme.com/room/authenticationbypass #tryhackme #security #Auth #bypass #ffuf #enum #bruteforce #authenticationbypass via @RealTryHackMe
#infosec #hacking
"⚠️ #HPEOneView Alert! Triple Vulnerability Threat Uncovered ⚠️"
Hewlett Packard Enterprise's OneView Software is under the spotlight with three critical vulnerabilities identified. These flaws can lead to authentication bypass, sensitive data exposure, and even denial of service. If you're using HPE OneView, it's time to patch up! 🛡️
Vulnerabilities:
1️⃣ CVE-2023-30908 – Remote Authentication Bypass: Scored a whopping 9.8 on CVSS, this flaw allows attackers to bypass authentication due to mishandling of user credentials in HPE OneView. Kudos to Sina Kheirkhah (@SinSinology) from the Summoning Team (@SummoningTeam) for reporting this! 🕵️♂️
2️⃣ CVE-2022-4304 – Disclosure of Sensitive Information: A timing-based side channel in OpenSSL's RSA Decryption can leak sensitive info. Attackers can exploit this by sending numerous trial decryption messages. 📩
3️⃣ CVE-2023-2650 – Denial of Service: This flaw lies in OpenSSL's OBJ_obj2txt() method, allowing attackers to launch a DoS attack on HPE OneView. 🚫
Impacted? 🤔 Versions prior to v8.5 and v6.60.05 patch are vulnerable. But don't fret! HPE has released patches for these versions. Head to the HPE Support Center and upgrade ASAP! ⏳
Source: Guru's Article, September 11, 2023
Tags: #Cybersecurity #HPE #VulnerabilityAlert #PatchNow #OpenSSL #DoS #AuthenticationBypass #SensitiveDataLeak #InfoSecCommunity
3-Month Apple Hack Turns Up 55 Vulnerabilities – 11 Critical - Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for d... https://threatpost.com/3-month-apple-hack-vulnerabilities-critical/159988/ #applebugbountyprogram #authenticationbypass #vulnerabilities #mobilesecurity #ethicalhackers #cloudsecurity #criticalflaws #applications #criticalbugs #websecurity #developers #sourcecode #bugbounty #hardware #samcurry #software #takeover #wormable
TrickBot App Bypasses Non-SMS Banking 2FA - TrickBot victims are being fooled into downloading an app that records their screens - stealing no... more: https://threatpost.com/trickbot-app-bypasses-non-sms-banking-2fa/154080/ #twofactorauthentication #authenticationbypass #mobilesecurity #bankingtrojan #smsmessage #trickbot #malware #germany #pushtan #trickmo #trojan #hacks #2fa
Following the news of the #AuthenticationBypass #exploit in #phpList v3.5.0, I've just published a #hardening guide for @phpList
#OpenSource #EmailMarketing #newsletter #security #infosec #CVE-2020-8547 #exploit #vulnerability #gdpr #php #nginx
https://tech.michaelaltfield.net/2020/02/14/phplist-hardening-security/