How just one bug in the authorization process can lead to a digital catastrophe.
In the field of information security, a critical vulnerability was discovered that affects Progress Software products, in particular, OpenEdge Authentication Gateway and AdminServer. This vulnerability poses a serious threat to authentication mechanisms, which can allow attackers to bypass security measures and gain unauthorized access to systems.
The issue, identified as CVE-2024-1403, has the maximum risk level with a CVSS score of 10. The vulnerability affects OpenEdge versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0.
The core of the problem is the lack of an authentication mechanism when the OpenEdge Authentication Gateway (OEAG) is configured using the operating system's local authentication system to authenticate users. A similar problem occurs when connecting to AdminServer via OpenEdge Explorer and OpenEdge Management, where local authentication is also used.
According to representatives of Progress Software, the problem manifests itself when the system incorrectly interprets unexpected types of usernames and passwords, which leads to authorization without proper verification of credentials. Thus, attackers can bypass the authentication procedure by gaining access to protected resources.
The company has already taken steps to address the vulnerability by releasing OpenEdge LTS Update 11.7.19, 12.2.14 and 12.8.1. Users are strongly encouraged to install these updates to protect their systems from potential attacks.
The research group Horizon3.ai contributed to the study of the vulnerability by implementing and publishing a PoC exploit. Its specialists found that the root of the problem lies in the "connect()" function, which is invoked during a remote connection. This function calls another function, "authorizeUser()", whose task is to check that the provided credentials meet the specified criteria. However, if the user name matches "NT AUTHORITY\SYSTEM", authorization is granted directly, bypassing the necessary checks.
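To make the logic flaw described above concrete, here is an added illustration (not Progress Software's code, not Horizon3.ai's PoC) of the general pattern: an authorization routine that short-circuits on a trusted principal name supplied by the client, placed beside a hardened version that never lets a client-supplied name substitute for credential verification and that rejects unexpected input types. The user database, the `authorize_user_*` functions and the sample credentials are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential store for the example: username -> (salt, PBKDF2 hash).
def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_user_db(users: dict) -> dict:
    """Build a salted-hash store from plaintext passwords (example setup only)."""
    db = {}
    for name, password in users.items():
        salt = secrets.token_bytes(16)
        db[name] = (salt, _hash_password(password, salt))
    return db


USER_DB = make_user_db({"alice": "correct horse battery staple"})

# The privileged OS principal named in the advisory text.
SYSTEM_PRINCIPAL = r"NT AUTHORITY\SYSTEM"


def _verify_credentials(db: dict, username: str, password: str) -> bool:
    """Verify a password against the stored salted hash in constant time."""
    entry = db.get(username)
    if entry is None:
        # Hash anyway so unknown and known users take similar time.
        _hash_password(password, b"\x00" * 16)
        return False
    salt, expected = entry
    return hmac.compare_digest(_hash_password(password, salt), expected)


def authorize_user_vulnerable(db: dict, username, password) -> bool:
    """Hypothetical reconstruction of the flawed pattern.

    A name that merely *looks like* the local system account is trusted
    outright; the password is never checked, and the name is attacker-controlled.
    """
    if username == SYSTEM_PRINCIPAL:
        return True  # BUG: identity asserted by the client, not verified
    return _verify_credentials(db, username, password)


def authorize_user_hardened(db: dict, username, password) -> bool:
    """Hardened form: no principal-name fast path, strict input types.

    A remote caller can never legitimately present the local SYSTEM identity,
    so that name is refused, and every other login must pass credential
    verification. Non-string inputs are rejected before any comparison.
    """
    if not isinstance(username, str) or not isinstance(password, str):
        return False
    if username == SYSTEM_PRINCIPAL:
        return False
    return _verify_credentials(db, username, password)


if __name__ == "__main__":
    print("vulnerable, SYSTEM name, no password:",
          authorize_user_vulnerable(USER_DB, SYSTEM_PRINCIPAL, ""))
    print("hardened,   SYSTEM name, no password:",
          authorize_user_hardened(USER_DB, SYSTEM_PRINCIPAL, ""))
    print("hardened,   alice, correct password:",
          authorize_user_hardened(USER_DB, "alice", "correct horse battery staple"))
```

The design point is that authorization decisions must be derived from something the server verifies (a password hash, a token signature, an OS-level impersonation handle), never from a string the remote peer chose; any "well-known principal" branch that returns success without such verification is a bypass waiting to be found.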
In addition, the researchers point to the potential for further attacks, such as deploying new applications via remote links to WAR files.
Earlier, Progress Software was already involved in a major scandal in the IT industry, when the MOVEit Transfer MFT client of its Ipswitch subsidiary was hacked by Clop hackers, which led to the compromise of hundreds of companies in various fields and total financial losses of billions of dollars.
The discovery of CVE-2024-1403 and the past high-profile attacks on Progress Software highlight the importance of timely software updates and the need for cybersecurity vigilance. Businesses and ordinary users should take all necessary precautions to protect their systems from potential threats and ensure data security.
