Tuesday, December 28, 2010

Passlogix v-GO Self-Service Password Reset Bypass via Invalid SSL Certificate

Advisory:
Trustwave's SpiderLabs Security Advisory TWSL2010-007: Passlogix v-GO Self-Service Password Reset Bypass via Invalid SSL Certificate
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-007.txt
Published: 2010-12-10 Version: 1.0

Analysis:

It appears that the SSL exception window is tied to the target machine.
This window itself may be a part of the application, which unfortunately happens to provide a way to browse the target machine file system for exporting certificates instead of the user's itself.

This vulnerability can be classified as 'design flaw' lacking authentication check upon accessing the file systems. The vulnerable window form is not tied to the realm of authentication domain.

Check:

The above finding can mostly be missed in normal pentest where a  pentester and the target application are the only actors.  However, Spiderlabs researchers managed to test the target application in different environment settings under their control. Thus, it is essential to consider what environmental factors may interfere with the target application logics and workflow. Draw test cases. Examine and study the application behaviors.

No comments:

Post a Comment