Noam Chomsky once said, “the times are too difficult and the crisis too severe to indulge in schadenfreude.”
For organizations striving to protect their data from predatory cyberattacks, the times are indeed difficult. With that in mind, I want to explain a recent vulnerability found within the Privileged Access Management market and how our solutions are designed to protect you from that type of vulnerability.
Exploiting a Password Vault Vulnerability
Last week, it was revealed that a leading Privileged Identity Management solution was found to have a critical remote code execution vulnerability. According to German cybersecurity firm RedTeam Pentesting GmbH, data in the web access component of the product's password vault "may be accessed through a proprietary network protocol."
The vulnerability, which the researchers rated as “high risk,” is caused by the way the web server improperly handles deserialization operations. This could allow an attacker to gain unauthorized access to the system with the privileges of the web application, and to execute code remotely on the web server.
The way it works is that when a user logs in to their account, the application uses a REST API to send an authentication request to the server. That request includes an authorization header containing a serialized .NET object encoded in base64. The .NET object holds the information about the user's session, but the integrity of the serialized data is not protected. Attackers can therefore manipulate authentication tokens to inject malicious code, gaining "unauthenticated, remote code execution on the web server," according to RedTeam Pentesting.
The Secure Bomgar Solution
Fortunately, Bomgar customers can rest assured that this type of attack does not affect our privileged identity management solution.
Here’s why. None of the permissions or authorizations live on our product’s web application server. And they’re not presented to the web application server from any other component.
The authentication token a user obtains during login is the only thing that identifies the user, and so determines what the user can and cannot do; but each successive call to the web application or service is validated against the user's permissions as defined in the secure datastore. Manipulating an authentication token therefore has no value in changing the user's actual permissions within a session.
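To make the contrast between the two designs concrete, here is an added example (not Bomgar's code, and not the vulnerable product's) of the pattern described above: the token carries only an opaque session id and a server-side MAC, no serialized object is deserialized, and every call looks the user's permissions up in a server-side store rather than trusting anything in the token. The key, the permission table and the session table are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed server-side state for the demo (assumptions, not Bomgar's code):
# a MAC key that never leaves the server, the permission datastore, and the
# table of live sessions. The client only ever holds an opaque session id.
SERVER_KEY = b"constructed-demo-key-keep-on-server"
PERMISSIONS = {"alice": {"view_password"}, "bob": {"view_password", "rotate_password"}}
SESSIONS = {}  # session id -> username, filled in at login


def encode_token(sid, mac):
    """Token = base64(JSON with two string fields). No object deserialization."""
    return base64.b64encode(json.dumps({"sid": sid, "mac": mac}).encode()).decode()


def decode_token(token):
    """Parse a token into (sid, mac), or None if it is malformed."""
    try:
        payload = json.loads(base64.b64decode(token))
        sid, mac = payload["sid"], payload["mac"]
    except (ValueError, KeyError, TypeError):
        return None
    if not (isinstance(sid, str) and isinstance(mac, str)):
        return None
    return sid, mac


def issue_token(user):
    """Login: mint a random session id and bind it to the user server-side."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = user
    mac = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    return encode_token(sid, mac)


def authorize(token, action):
    """Per-call check: token integrity first, then permissions from the datastore."""
    parsed = decode_token(token)
    if parsed is None:
        return False
    sid, mac = parsed
    expected = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False  # token was altered after it was issued
    user = SESSIONS.get(sid)
    if user is None:
        return False  # unknown or expired session
    # Permissions come from the datastore, never from anything the client sent.
    return action in PERMISSIONS.get(user, set())
```

Because the token contains nothing the server acts on except an identifier, an altered token fails the MAC check, and even a token that passes it cannot grant an action the datastore does not list for that user.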
At Bomgar, we strive to develop the industry’s best solutions for securing vulnerable privileged accounts. And this includes the integrity of our products themselves.