Technical details and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could potentially be exploited to bypass authentication protections.
Tracked as CVE-2024-1403, the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It impacts OpenEdge versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0.
“When the OpenEdge Authentication Gateway (OEAG) is configured with an OpenEdge Domain that uses the OS local authentication provider to grant user-id and password logins on operating platforms supported by active releases of OpenEdge, a vulnerability in the authentication routines may lead to unauthorized access on attempted logins,” the company said in an advisory released late last month.
“Similarly, when an AdminServer connection is made by OpenEdge Explorer (OEE) and OpenEdge Management (OEM), it also utilizes the OS local authentication provider on supported platforms to grant user-id and password logins that may also lead to unauthorized login access.”
Progress Software said the vulnerability incorrectly returns authentication success from an OpenEdge local domain if unexpected types of usernames and passwords are not appropriately handled, leading to unauthorized access without proper authentication.
The flaw has been resolved in versions OpenEdge LTS Update 11.7.19, 12.2.14, and 12.8.1.
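For triaging an asset inventory against the version ranges above, the following is an added example (not code from Progress Software or from this article). The inventory rows are constructed sample data, and treating release lines older than 11.7 and the 12.0/12.1 lines as covered by "and earlier" is an assumption drawn from the article's wording.

```python
import re

# Last affected update per release line, as listed in the article.
# Anything above it on the same line is the fixed update or later.
LAST_AFFECTED = {(11, 7): 18, (12, 2): 13, (12, 8): 0}


def parse_version(text):
    """Return (major, minor, update) from strings like 'OpenEdge 12.2.13.0'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    # A missing update number is treated as 0, the most conservative reading.
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(text):
    """Classify a version string as 'affected', 'fixed' or 'unlisted'."""
    major, minor, update = parse_version(text)
    line = (major, minor)
    if line in LAST_AFFECTED:
        return "affected" if update <= LAST_AFFECTED[line] else "fixed"
    # Assumption: "11.7.18 and earlier" / "12.2.13 and earlier" also cover
    # older release lines (before 11.7, and 12.0-12.1).
    if line < (11, 7) or (12, 0) <= line < (12, 2):
        return "affected"
    return "unlisted"  # the article says nothing about this release line


def report(rows):
    """Map each host in (host, version_string) rows to its triage status."""
    return {host: triage(version) for host, version in rows}


# Constructed inventory: hostnames and version strings are sample data.
INVENTORY = [
    ("oe-admin-01", "OpenEdge Release 11.7.18"),
    ("oe-admin-02", "12.2.14"),
    ("oe-gw-01", "12.8.0"),
    ("oe-dev-03", "12.5.2"),
]

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unlisted` need to be checked against the vendor advisory directly, since the article names only the 11.7, 12.2 and 12.8 lines.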
Horizon3.ai, which reverse-engineered the vulnerable AdminServer service, has since released a PoC for CVE-2024-1403, stating the issue is rooted in a function called connect() that’s invoked when a remote connection is made.
This function, in turn, calls another function called authorizeUser() that validates that the supplied credentials meet certain criteria, and passes control to another part of the code that directly authenticates the user if the provided username matches “NT AUTHORITY\SYSTEM.”
“Deeper attacker surface looks like it may allow a user to deploy new applications via remote WAR file references, but the complexity increased dramatically in order to reach this attack surface because of the use of internal service message brokers and custom messages,” security researcher Zach Hanley said.
“We believe there is again likely an avenue to remote code execution via built in functionality given enough research effort.”
Some parts of this article are sourced from:
thehackernews.com