CISA Warns of CrushFTP Exploit Letting Attackers Bypass Authentication https://thecyberexpress.com/cisa-adds-cve-2025-31161-to-kev-catalog/ #authenticationbypass #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE202531161 #CyberNews #CrushFTP
Critical Authentication Bypass Vulnerability Exposed in FortiOS and FortiProxy: A Wake-Up Call for Security
A newly uncovered vulnerability in FortiOS and FortiProxy could allow attackers to gain super-admin privileges through crafted requests to the Node.js websocket module. With a CVSS score of 9.6, this ...
Krytyczny błąd 0day w Fortigate. Jest w trakcie exploitacji, przejmują dostępy do VPNa w firmach.
Luka umożliwia pełne przejęcie urządzenia z poziomu Internetu. Tj. zdobycie uprawnień super-admina. Podatność jest wykorzystywana w realnych atakach, najprawdopodobniej od okolic grudnia 2024. Nie wiadomo dokładnie jaka grupa odpowiedzialna jest za ataki. W ramach ataków wykonywane są takie operacje jak: Podatne są FortiOS (7.0.0 do 7.0.16) oraz FortiProxy (linia 7.0.x...
#WBiegu #0Day #AuthBypass #AuthenticationBypass #Fortigate #VPN
SonicWall Patches Authentication Bypass Vulnerabilities in Firewalls
https://www.securityweek.com/sonicwall-patches-authentication-bypass-vulnerabilities-in-firewalls/
Critical Veeam Backup Enterprise Manager authentication bypass bug – Source: securityaffairs.com https://ciso2ciso.com/critical-veeam-backup-enterprise-manager-authentication-bypass-bug-source-securityaffairs-com/ #rssfeedpostgeneratorecho #ITInformationSecurity #authenticationbypass #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #Security #hacking #Veeam
Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
Date: May 21, 2024
CVE: [[CVE-2024-4985]]
Vulnerability Type: Improper Authentication
CWE: [[CWE-287]]
Sources: Cyber Security News, SecurityWeek, The Hacker News
Issue Summary
A critical vulnerability in GitHub Enterprise Server, identified as CVE-2024-4985, was discovered that allows attackers to bypass authentication. This flaw, found in versions 3.9.14, 3.10.11, 3.11.9, and 3.12.3, permits unauthorized access to repositories and sensitive data by exploiting a weakness in the SAML SSO authentication process.
Technical Key Findings
The vulnerability arises from a logic error in the SAML SSO authentication process, where the server fails to verify the validity of digital signatures on SAML responses properly. Attackers can craft SAML assertions with any certificate, which the server incorrectly accepts, allowing the spoofing of user identities, including admin accounts.
Vulnerable Products
Impact Assessment
Exploitation of this vulnerability could lead to unauthorized access to private repositories, sensitive data, and administrative controls. This can result in data breaches, code tampering, and potential intellectual property theft.
Patches or Workaround
GitHub has released patched versions (3.9.15, 3.10.12, 3.11.10, and 3.12.4) to address this issue. As an interim measure, enabling SAML certificate pinning can mitigate the risk. Additionally, auditing access logs for suspicious activity and rotating credentials is advised.
Tags
GitLab Security Update: Critical Patches Released
Date: April 24, 2024
CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
Sources: GitLab Security Release
Issue Summary
GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.
Technical Key findings
Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.
Table of security fixes
|Title|Severity|
|---|---|
|GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
|Path Traversal leads to DoS and Restricted File Read|High|
|Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
|Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
|Domain based restrictions bypass using a crafted email address|Medium|
Vulnerable products
Impact assessment
Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.
Patches or workaround
Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.
Tags
#GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease
GitLab Vulnerability to GitHub-Style CDN Flaw Allowing Malware Hosting
Date: April 22, 2024
CVE: Not specifically assigned
Vulnerability Type: Authentication bypass
CWE: [[CWE-22]], [[CWE-427]]
Sources: Bleeping Computer Article, Duo Security Article
Issue Summary
GitLab has been identified as vulnerable to a similar flaw that was found in GitHub, where the platform's "comments" feature can be abused to host malware. This vulnerability allows threat actors to upload malicious files to GitLab's CDN under the guise of legitimate projects, making them appear as if they are part of reputable repositories.
Technical Key findings
The flaw stems from the ability to generate links to uploaded files in the comment section before saving or posting the comment. These files, although potentially never visible in a public comment, receive a CDN URL that remains accessible even if the comment is deleted.
The format followed by such files uploaded to GitLab CDN is:_https://gitlab.com/{project_group_namr}/{repo_name}/uploads/{file_id}/{file_name}_
For videos and images, the files will be stored under the /assets/ path instead.
Vulnerable products
The vulnerability affects all versions of GitLab that include the "comments" feature with file upload capabilities.
Impact assessment
This vulnerability can be exploited to distribute malware by disguising malicious files as legitimate project files, potentially leading to widespread security breaches if these files are executed by unsuspecting users.
Patches or workaround
As of the latest updates, specific patches for this CDN flaw have not been detailed. Users are advised to remain vigilant about files downloaded from repository-related URLs and verify their authenticity.
Tags
"
Urgent TeamCity Vulnerabilities Alert! Patch Now! "
JetBrains has just patched critical vulnerabilities in TeamCity On-Premises software, tagged CVE-2024-27198 and CVE-2024-27199, with alarming CVSS scores of 9.8 and 7.3. These flaws allow unauthorized access to potentially gain full control over the TeamCity servers. Versions up to 2023.11.3 are affected, urging an immediate update to v2023.11.4. Kudos to Rapid7 for the timely discovery on Feb 20, 2024. Given past abuses by notorious APT groups, securing your systems against such authentication bypasses is crucial to thwart potential supply chain assaults. 
Source: BleepingComputer
Tags: #JetBrains #TeamCity #CyberSecurity #VulnerabilityAlert #CVE2024-27198 #CVE2024-27199 #Rapid7 #PatchNow #SupplyChainSecurity #AuthenticationBypass #InfoSec
Mastodon Vulnerability Patched! CVE-2024-25618
A security flaw - CVE-2024-25618 - was fixed, in Mastodon's software to prevent potential account takeovers. This vulnerability allowed attackers to bypass authentication mechanisms via a crafted request, posing a significant risk to the platform's integrity.
It enabled new logins from certain authentication providers (like CAS, SAML, OIDC) to merge with existing local accounts sharing the same email. This could lead to someone taking over your account if the provider allows changing emails or if there are multiple providers set up.
Here's how it works: When someone logs in using an external provider for the first time, Mastodon checks for an existing account with the same email. However, relying only on the email could result in hijacking your Mastodon account if the provider allows changing it. The Mastodon team swiftly deployed a patch, reinforcing the security of user accounts and the broader ecosystem. Remember, keeping software up-to-date is crucial for safeguarding against such vulnerabilities. 
The commit "b31af34c9716338e4a32a62cc812d1ca59e88d15" signifies this update. For further details, check out their advisory.
A big thanks to the discoverers Dominik George and Pingu from Teckids, and the Mastodon team for their rapid response in improving our digital defenses. Stay secure, everyone! 
Tags: #CVE2024_25618 #Mastodon #Cybersecurity #PatchUpdate #AccountSecurity #AuthenticationBypass #DigitalDefense #CommunityVigilance 
"Exploiting SharePoint: A Deep Dive into Pre-Auth RCE Chain "
In a recent article by Nguyễn Tiến Giang (Jang) on STAR Labs, a meticulous exploration of a SharePoint exploit chain was discussed, which was demonstrated at P2O Vancouver 2023. The exploit chain, dubbed SharePoint Pre-Auth RCE chain, leverages two vulnerabilities: Authentication Bypass and Code Injection, to achieve pre-auth remote code execution (RCE) on a SharePoint server.
The Authentication Bypass allows an unauthenticated attacker to impersonate any SharePoint user by exploiting the JSON Web Tokens (JWTs) validation process. The Code Injection vulnerability, on the other hand, enables a SharePoint user with specific permissions to inject arbitrary code, leading to RCE.
The article provides a deep technical dive into the exploit chain, explaining the process of discovering and crafting the exploit. It's a fascinating read for anyone interested in cybersecurity, especially in understanding the intricacies of exploiting complex systems like SharePoint.
The vulnerabilities are identified as CVE-2023-29357 and CVE-2023-24955, and the article provides a detailed walkthrough of how these vulnerabilities were chained together to achieve RCE on SharePoint 2019 (version 16.0.10396.20000) with March 2023 patch (KB5002358 and KB5002357).
Source: STAR Labs
Tags: #SharePoint #CyberSecurity #ExploitChain #RCE #CVE202329357 #CVE202324955 #AuthenticationBypass #CodeInjection #P2OVancouver2023 
Authentication Bypass - I have just completed this room! Check it out: https://tryhackme.com/room/authenticationbypass #tryhackme #security #Auth #bypass #ffuf #enum #bruteforce #authenticationbypass via @RealTryHackMe
#infosec #hacking
"
#HPEOneView Alert! Triple Vulnerability Threat Uncovered "
Hewlett Packard Enterprise's OneView Software is under the spotlight with three critical vulnerabilities identified. These flaws can lead to authentication bypass, sensitive data exposure, and even denial of service. If you're using HPE OneView, it's time to patch up!
Vulnerabilities:
CVE-2023-30908 – Remote Authentication Bypass: Scored a whopping 9.8 on CVSS, this flaw allows attackers to bypass authentication due to mishandling of user credentials in HPE OneView. Kudos to Sina Kheirkhah (@SinSinology) from the Summoning Team (@SummoningTeam) for reporting this! 
CVE-2022-4304 – Disclosure of Sensitive Information: A timing-based side channel in OpenSSL's RSA Decryption can leak sensitive info. Attackers can exploit this by sending numerous trial decryption messages. 
CVE-2023-2650 – Denial of Service: This flaw lies in OpenSSL's OBJ_obj2txt() method, allowing attackers to launch a DoS attack on HPE OneView. 
Impacted? 
Versions prior to v8.5 and v6.60.05 patch are vulnerable. But don't fret! HPE has released patches for these versions. Head to the HPE Support Center and upgrade ASAP! 
Source: Guru's Article, September 11, 2023
Tags: #Cybersecurity #HPE #VulnerabilityAlert #PatchNow #OpenSSL #DoS #AuthenticationBypass #SensitiveDataLeak #InfoSecCommunity
