Two Factor Authentication Cross Site Request Forgery (CSRF) vulnerability (CVE-2018-20231)

At BitnessWise we recently did a review of a few Two Factor Authentication (2FA) plugins for WordPress. First we selected some candidates based on usability and free-version features and after that performed a technical review of the plugin. This revealed a vulnerability we’d like to discuss in this post for future reference and to better understand the issue.

By | Updated 2024-09-30T09:52:35+00:00 | Published February 21, 2019 | Article, English, Dutch

Abusing Exchange: One API call away from Domain Admin

In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across a blog from the ZDI, in which they detail a way to let Exchange authenticate to attackers using NTLM over HTTP. This can be combined with an NTLM relay attack to escalate from any user with a mailbox to Domain Admin in probably 90% of the organisations I’ve seen that use Exchange. This attack is possible by default and, while no patches are available at the time of writing, there are mitigations that can be applied to prevent this privilege escalation. This blog details the attack, some of the more technical details and mitigations, and releases a proof-of-concept tool for this attack which I’ve dubbed “PrivExchange”.

By | Updated 2024-08-26T15:01:42+00:00 | Published February 7, 2019 | Article, English, Dutch

Harakiri – exploitation of a mail handler

If you’re a penetration tester, you’ve been there: that customer that certainly knows what they’re doing. The one that makes their stuff secure by the less-is-more concept.

In an assessment covering all internet-facing systems of this customer we had to dig deeper to find something. After extensive testing of their web applications, we weren’t happy enough and wanted more. Scanning the full perimeter had already been done and didn’t turn up any useful vulnerabilities. Time to go deeper!

By | Updated 2024-02-19T05:19:30+00:00 | Published October 19, 2017 | Article, English, Dutch