Firewall vendor rolls out fix to a critical flaw before it’s too late

Cybersecurity firm Genua has issued a fix for a risky flaw in its two-tier firewall product, GenuGate High Resistance Firewall. The vulnerability could have enabled attackers to bypass authentication and log in as root within a company’s internal network.

“An unauthenticated attacker is able to login as an arbitrary user in the admin web interface successfully, the side channel interface and user web interface, even as root with highest privileges, by manipulating certain HTTP POST parameters during login,” according to security and application consultancy SEC Consult on Monday.

What does the GenuGate High Resistance Firewall do?

According to Genua, the firewall protects internal networks from unauthorized access and lets organizations create an intranet with various domains, each with its own protection measures.

Has the flaw been fixed in all versions of the firewall?

GenuGate versions below 10.1 p4, versions below 9.6 p7, and 9.0 Z versions below p19 are vulnerable.

The flaw has been fixed in GenuGate versions 10.1 p4 (G1010_004); 9.6 p7 (G960_007); 9.0 and 9.0 Z p19 (G900_019).

What do experts have to say?

“The vendor provides a patched version for the affected products which should be installed immediately,” says SEC Consult, a security and application consultancy company. “Customers should also adhere to security best practices such as network segmentation and limiting access to the admin panel. This is also a requirement for certified and approved environments.”

The flaw

The firewall uses different authentication methods for the admin web interface, the sidechannel web interface and the user web interface. The number of affected login paths makes the authentication bypass vulnerability (CVE-2021-27215) especially dangerous.

Due to the flaw, certain HTTP POST parameters passed to the server go unchecked, so any authentication request is accepted.

Manipulating a specific parameter would let an attacker bypass authentication and log in as an arbitrary user, even as a user that does not exist, SEC Consult researchers said.
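To show the bug class from the defender's side, here is an added toy login handler with its hardened counterpart. It is not GenuGate's code: the parameter names (`user`, `method`, `password`), the user table and the way the vulnerable branch trusts the client are all constructed assumptions that illustrate "unchecked POST parameters accept any authentication request", and the fixed version shows the checks that close that gap.

```python
# Added illustration of the bug class (client-controlled POST parameters deciding a
# login). NOT GenuGate code: parameter names, the user table and the trusted
# 'method' switch are constructed assumptions.
import hashlib
import hmac
from typing import Optional

ALLOWED_METHODS = {"password"}  # server-side allowlist of authentication methods


def _pw_hash(pw: str, salt: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt.encode(), 100_000).hex()


# Constructed sample account table (one admin user).
USERS = {"alice": {"salt": "s1", "hash": _pw_hash("correct horse", "s1"), "role": "admin"}}


def login_vulnerable(post: dict) -> Optional[str]:
    """Trusts the client: the submitted 'method' selects the check, and any method
    the handler does not know falls through to success without ever consulting
    the user table. An attacker can thus log in as any name, existing or not."""
    method = post.get("method", "password")
    user = post.get("user", "")
    if method == "password":
        rec = USERS.get(user)
        if rec and hmac.compare_digest(rec["hash"], _pw_hash(post.get("password", ""), rec["salt"])):
            return user
        return None
    return user  # BUG: unchecked parameter value, request accepted as-is


def login_fixed(post: dict) -> Optional[str]:
    """Validates every client-supplied parameter against server-side state:
    the method must be allowlisted, the user must exist, and the credential must
    verify. Anything else is rejected, regardless of what the POST body claims."""
    method = post.get("method", "password")
    user = post.get("user", "")
    if method not in ALLOWED_METHODS:
        return None
    rec = USERS.get(user)
    if rec is None:
        _pw_hash(post.get("password", ""), "dummy")  # equalise timing for unknown users
        return None
    if not hmac.compare_digest(rec["hash"], _pw_hash(post.get("password", ""), rec["salt"])):
        return None
    return user
```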

SEC Consult researchers released a high-level proof-of-concept of the bug, including a video. Given the critical nature of the flaw, however, they withheld the specific details that would help attackers.

The one silver lining: to exploit the flaw, an attacker needs network access to the admin interface.

“Certified and approved environments mandate that the admin interface is only reachable through a strictly separated network,” according to SEC Consult. “Nevertheless, it is a highly critical security vulnerability and must be patched immediately.”

Quick response by Genua saves the day

Genua was notified about the vulnerability by researchers on Jan 29. The company confirmed the issue the same day and rolled out the fix on Feb 2. Public disclosure of the vulnerability (coordinated with CERT-Bund and CERT) followed on Monday. According to SEC Consult, the patch can be downloaded from the GenuGate GUI or by calling “getpatches” on the command line interface.


Clubhouse chatroom breached: Letting third-party developer design app for Android users backfires

The wildly popular social media app Clubhouse suffered a data breach, as a third-party developer designed an open-source app that allowed Android smartphone customers to break into the iPhone-only service.

Clubhouse has confirmed that a user was able to stream audio from the app on their website. The audio-only social networking app, launched in March 2020, allows people to gather online in public or private audio chatrooms.

The unidentified user managed to stream the live Clubhouse audio feed from multiple rooms simultaneously on their third-party website. What’s concerning is that the user managed to do this even though they were not an invited member of those chatrooms. Following the incident, a spokeswoman said, “This individual’s account has been permanently banned from the service and we have added additional safeguards to prevent people from doing this in the future.”


Global ransomware attacks against universities doubled year-on-year in 2020

According to BlueVoyant’s Cybersecurity in Higher Education report, the number of ransomware attacks against universities increased by 100% year-on-year in 2020. The company compiled data from 2702 universities across 43 countries, covering the period January 2019 to September 2020. The report also said that average payouts totaled nearly $450,000.

The company attributes the rise in ransomware attacks against universities to their forced adoption of remote teaching and learning. 22% of all analyzed universities and colleges had open or unsecured Remote Desktop Protocol (RDP) ports, and 66% lacked email authentication protocols such as SPF, DKIM and DMARC that help guard against phishing; the company names these as the primary contributing factors. The report also stated that the second most common type of attack was data breaches, which accounted for half of all cyberattacks in 2019.

“This is an industry that has had to rapidly pivot to online learning, changing standard methods of learning, practically overnight. The education sector is also under huge financial and regulatory pressure,” says Jim Rosenthal, the CEO of BlueVoyant. He went on to say that “Threat actors know that there are vulnerabilities to be exploited and they are taking advantage of these vulnerabilities at every opportunity, making it imperative for universities to adopt a solid cybersecurity threat posture to ensure that the wealth of sensitive data is properly defended against adversaries.”
