Password management solutions help enterprises and organizations manage sensitive passwords, control privileges across multiple operating systems, machines, servers, systems and databases, and protect them from external as well as internal threats.
Discovery of Remote Code Execution Vulnerability in CyberArk Enterprise Password Vault Application
The German network security company RedTeam Pentesting GmbH uncovered a remote code execution vulnerability affecting several CyberArk Enterprise Password Vault applications, password management tools that safeguard sensitive passwords and control privileged accounts.
The vulnerability (CVE-2018-9843) was found in CyberArk Password Vault Web Access, a .NET web application the company developed to give its customers remote access to their accounts.
The root cause is insecure deserialization handling on the web server, potentially allowing attackers to execute code on the server that processes the data.
According to the researchers, when a user logs in, the application uses a REST API to send an authentication request to the server, including an authentication header that contains a base64-encoded .NET object stored in the database.
This serialized .NET object holds the user's session information, yet the researchers found that the 'data serialization integrity is not protected'.
Because the server neither verifies the integrity of the serialized data nor deserializes it safely, an attacker can manipulate the authentication token to inject malicious code into the authentication header, resulting in 'unauthenticated, remote code execution on the web server'.
The researchers also released proof-of-concept code demonstrating the vulnerability with ysoserial.net, an open-source tool that generates payloads for .NET applications that insecurely deserialize untrusted objects.
After receiving the report from RedTeam Pentesting, CyberArk released patches for Password Vault Web Access. Enterprises using CyberArk Password Vault Web Access are advised to upgrade to version 9.9.5, 9.10, or 10.2 to address the issue.
If an immediate upgrade isn't possible, a feasible mitigation is to disable all access to the API at the route /PasswordVault/WebServices.
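The missing control the researchers describe is an integrity check on the session token before the server deserializes it. The following added example (not CyberArk's or RedTeam Pentesting's code) contrasts a server that trusts the base64 body of the authentication header as-is with one that verifies an HMAC tag first; it uses JSON rather than .NET serialization and a constructed demo key, and the integrity check is only part of the fix, since the patched server must also stop deserializing arbitrary types.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key; a real deployment loads this from a key store.
SERVER_KEY = b"constructed-demo-key-do-not-use"


def _encode_body(session: dict) -> str:
    """Serialize the session and base64-encode it, like the header body."""
    raw = json.dumps(session, sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).decode()


def issue_token(session: dict, key: bytes = SERVER_KEY) -> str:
    """Build <base64 body>.<hex HMAC-SHA256 tag> so tampering is detectable."""
    body = _encode_body(session)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def parse_unverified(token: str) -> dict:
    """Weak pattern from the advisory: deserialize the body without any check."""
    body = token.partition(".")[0]
    return json.loads(base64.urlsafe_b64decode(body))


def parse_verified(token: str, key: bytes = SERVER_KEY) -> Optional[dict]:
    """Hardened pattern: recompute the tag and reject the token on mismatch."""
    body, _, tag = token.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check itself leaks nothing about the tag.
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def tamper(token: str, new_session: dict) -> str:
    """Constructed test helper: swap the body but keep the original tag."""
    return _encode_body(new_session) + "." + token.partition(".")[2]
```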
Android, a highly sensitive and exploit-prone mobile operating system, is a vector for malware dissemination. Hence VirusTotal, the world's leading antivirus software developer, has introduced the Droidy sandbox, which detects malicious Android apps and helps users of this OS browse the internet and install apps more safely.
