Vulnerability in open source identity management system Free IPA could lead to XXE attacks – The Daily Swig

/ / Published in Uncategorized

Cyber Warfare
Russia is ‘failing’ in its mission to destabilize Ukraine’s networks
Hacker-powered security
Human error bugs increasingly making a splash, study indicates
In focus
Software supply chain attacks – everything you need to know
Special report
Inaugural report outlines strengths and weaknesses exposed by momentous security flaw
Chromium site isolation bypass
Flaw that opened the door to cookie modification and data theft resolved
Bug Bounty Radar
The latest programs for September 2022
Cybersecurity conferences
A schedule of events in 2022 and beyond
Attackers could ‘take full control of the infrastructure’, warn researchers
UPDATED A vulnerability in Free IPA could lead to XML external entity (XXE) attacks, researchers have warned.
FreeIPA is a free and open source identity management system and is the upstream project of Red Hat Identity Management.
A flaw, tracked as CVE-2022-2414, was found in the pki-core package, a security advisory from Red Hat warns.
Read more of the latest news about security vulnerabilities
“Access to external entities when parsing XML documents can lead to XML external entity attacks.
“This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.”
XXE allows injecting arbitrary entities into an XML document and performing malicious actions such as local file reading or sending HTTP requests into an internal network.

The latter could lead to remote code execution (RCE) if there are unpatched applications inside an internal network.

The vulnerability, which has a severity rating of 7.5 (high), was discovered by researcher Egor Dimintrenko of security research team PT Swarm.

The security flaw takes place in the certification system, called DogTag, Dimitrenko told The Daily Swig.

“DogTag can be used as a PKI service for any project, but it’s well known as a part of FreeIPA system. Since DogTag is integrated into FreeIPA, FreeIPA is vulnerable if still unpatched,” he said.

“It’s also worth mentioning that main impact of the vulnerability is a risk of configuration file reading, which contains password for Directory Manager user,” Dimitrenko said.

“Directory Manager is a main entity in the application and control Directory Server. By compromising this user, an attacker is able to connect to directory server and read any high sensitive data like user credentials and then make a lateral movement in infrastructure.

“Particularly in FreeIPA this configuration file doesn’t contain a Directory Manager password by default, but in some cases it takes place, for example when an administrator change Directory Manager password.”

The vulnerability affects Red Hat Enterprise Linux 6-9 and Red Hat Certificate System 9 and 10.

Dimitrenko said that exploitation of the bug is “extremely simple” due to the fact that it doesn’t require any credentials and an attacker just has to find an accessible endpoint.

The vulnerability has been patched by Red Hat in all versions apart from Linux 6, which is out of scope. There are no known mitigations available and Red Hat urges users to update.

Dimitrenko commented: “It’s nice to see that there are many companies which support responsible disclosure and communicate with researchers, instead of ignoring them and hiding their problems.”
This article has been updated to include further comment.

YOU MAY ALSO LIKE Secure Open Source Rewards program launched to help protect critical upstream software
Jessica Haworth
@JesscaHaworth
Burp Suite
Vulnerabilities
Customers
Company
Insights
© 2022 PortSwigger Ltd.

source

What you can read next

Fujitsu scanner can digitize all your papers – The Dallas Morning News
eDocScan- Cloud Document Scanning Software, Brings a New Era to Document Scanning Productivity – WebWire
Government tenders for electronic document storage deal – The Guardian