HomeVulnerabilityProof-of-Idea Exploit Launched for Progress Software program OpenEdge Vulnerability

Proof-of-Idea Exploit Launched for Progress Software program OpenEdge Vulnerability

Technical specifics and a proof-of-concept (PoC) exploit have been made out there for a just lately disclosed important security flaw in Progress Software program OpenEdge Authentication Gateway and AdminServer, which might be probably exploited to bypass authentication protections.

Tracked as CVE-2024-1403, the vulnerability has a most severity score of 10.0 on the CVSS scoring system. It impacts OpenEdge variations 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0.

“When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Area that makes use of the OS native authentication supplier to grant user-id and password logins on working platforms supported by lively releases of OpenEdge, a vulnerability within the authentication routines might result in unauthorized entry on tried logins,” the corporate mentioned in an advisory launched late final month.

“Equally, when an AdminServer connection is made by OpenEdge Explorer (OEE) and OpenEdge Administration (OEM), it additionally makes use of the OS native authentication supplier on supported platforms to grant user-id and password logins which will additionally result in unauthorized login entry.”

See also  Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day

Progress Software program mentioned the vulnerability incorrectly returns authentication success from an OpenEdge native area if surprising kinds of usernames and passwords usually are not appropriately dealt with, resulting in unauthorized entry sans correct authentication.

The flaw has been addressed in variations OpenEdge LTS Replace 11.7.19, 12.2.14, and 12.8.1.

Horizon3.ai, which reverse-engineered the susceptible AdminServer service, has since launched a PoC for CVE-2024-1403, stating the difficulty is rooted in a operate known as join() that is invoked when a distant connection is made.

This operate, in flip, calls one other operate known as authorizeUser() that validates that the provided credentials meet sure standards, and passes management to a different a part of the code that immediately authenticates the person if the supplied username matches “NT AUTHORITYSYSTEM.”

“Deeper attacker floor appears like it might enable a person to deploy new functions through distant WAR file references, however the complexity elevated dramatically to be able to attain this assault floor due to the usage of inner service message brokers and customized messages,” security researcher Zach Hanley mentioned.

See also  Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs

“We imagine there may be once more seemingly an avenue to distant code execution through in-built performance given sufficient analysis effort.”

- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular