Critical Code Execution Flaw Found in CyberArk Enterprise Password Vault

A critical remote code execution vulnerability has been discovered in the CyberArk Enterprise Password Vault application that could allow an attacker to gain unauthorized access to the system with the privileges of the web application.

Enterprise password vault (EPV) solutions help organizations securely manage their sensitive passwords, controlling the passwords of privileged accounts across a wide range of client/server and mainframe operating systems, switches and databases, and keeping them safe from external attackers as well as malicious insiders.

Discovered by the German cybersecurity firm RedTeam Pentesting GmbH, the vulnerability affects one such Enterprise Password Vault product, made by CyberArk: a password management and security tool that manages sensitive passwords and controls privileged accounts.

The vulnerability (CVE-2018-9843) resides in CyberArk Password Vault Web Access, a .NET web application created by the company to let its customers access their accounts remotely.

The flaw is due to the way the web server unsafely handles deserialization operations, which could allow attackers to execute code on the server that processes the deserialized data.

According to the researchers, when a user logs in to their account, the application uses a REST API to send an authentication request to the server, which includes an authorization header containing a serialized .NET object encoded in base64.

This serialized .NET object holds the information about a user's session, but the researchers found that the "integrity of the serialized data is not protected."

Since the server does not verify the integrity of the serialized data and unsafely handles the deserialization operations, attackers can simply manipulate authentication tokens to inject their malicious payload into the authorization header, gaining "unauthenticated, remote code execution on the web server."
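The root cause described above is that the server deserializes a client-supplied session token without first checking that the token is the one it issued. The following added example (not CyberArk's code and not from the RedTeam advisory) shows the difference in Python: a token whose body carries an HMAC tag is rejected before any decoding happens when the body has been altered, whereas a token with no integrity check is accepted with whatever the client put in it. The session format, the secret key and the `tamper` helper are constructed for the demonstration; a real fix would also replace the unsafe deserializer with a data-only format, which is why JSON is used for the body here.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed server-side secret for the demo; a real deployment loads this
# from a key store and rotates it.
SECRET_KEY = b"constructed-demo-key-do-not-use"


def _encode_body(session: dict) -> str:
    # Data-only encoding (JSON): nothing in the body can name a type or a method.
    return base64.b64encode(json.dumps(session, separators=(",", ":")).encode()).decode()


def _tag(body: str) -> str:
    return hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_token(session: dict) -> str:
    """Server side: serialize the session and bind it to an HMAC-SHA256 tag."""
    body = _encode_body(session)
    return f"{body}.{_tag(body)}"


def verify_token(token: str) -> Optional[dict]:
    """Server side, hardened: check the tag first, decode only on success."""
    try:
        body, tag = token.split(".", 1)
    except ValueError:
        return None
    # Constant-time comparison so the check itself does not leak the tag.
    if not hmac.compare_digest(_tag(body), tag):
        return None
    return json.loads(base64.b64decode(body))


def decode_without_integrity_check(token: str) -> Optional[dict]:
    """Server side, as in the flaw: trust the body, ignore the tag entirely."""
    body = token.split(".", 1)[0]
    try:
        return json.loads(base64.b64decode(body))
    except (ValueError, json.JSONDecodeError):
        return None


def tamper(token: str, new_session: dict) -> str:
    """Constructed client-side manipulation: swap the body, keep the old tag."""
    _, tag = token.split(".", 1)
    return f"{_encode_body(new_session)}.{tag}"


if __name__ == "__main__":
    good = issue_token({"user": "alice", "role": "user"})
    forged = tamper(good, {"user": "alice", "role": "admin"})
    print("hardened server, original token :", verify_token(good))
    print("hardened server, tampered token :", verify_token(forged))
    print("flawed server,   tampered token :", decode_without_integrity_check(forged))
```

The order of operations is the point: the tag is checked over the opaque encoded body, so untrusted bytes never reach a decoder unless they were produced by the server. Swapping the deserializer for a data-only format is the second half of the fix, since an integrity check alone would still leave the server one key leak away from the same outcome.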

The researchers have also released full proof-of-concept code demonstrating the vulnerability using ysoserial.net, an open source tool for generating payloads for .NET applications that perform unsafe deserialization of objects.

The technical details of the vulnerability and the exploit code were published only after RedTeam responsibly reported the vulnerability to CyberArk and the company rolled out patched versions of CyberArk Password Vault Web Access.

Enterprises using CyberArk Password Vault Web Access are strongly advised to upgrade to version 9.9.5, 9.10 or 10.2.

If you cannot upgrade immediately, the available workaround to mitigate this vulnerability is to disable all access to the API at the route /PasswordVault/WebServices.