Fortunately, there is no evidence (so far) that cybercriminals have exploited the vulnerability. But the fact that this serious vulnerability has most likely been present for some time is in itself alarming, let alone the “what if” scenarios.
The flaw could have allowed hackers to execute arbitrary commands and compromise the entire cdnjs library. This was a “path traversal vulnerability”, a flaw that allows attackers to retrieve arbitrary files from the server’s file system, in directories other than the one where the current resource is located. Since many operating systems store critical information in standard directories – for example, Unix-based systems store passwords in “/etc/passwd” – hackers might guess the names of directories containing sensitive information that would allow them to take control of a system.
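The path traversal described above, shown as an added Python example (not code from cdnjs, Cloudflare or the researcher): a naive path join that lets `..` segments escape the library directory, next to a hardened resolver that follows symlinks and confines the result to the library root. The function names and the constructed directory tree are assumptions for illustration only.

```python
"""Path-traversal containment, as an illustration of the flaw class described
above. Example code, not cdnjs's or Cloudflare's own; the file layout is constructed."""
import os
import tempfile
from pathlib import Path


def naive_join(root: str, requested: str) -> str:
    """Vulnerable: trusts the client-supplied path, so '../' segments escape root."""
    return os.path.normpath(os.path.join(root, requested))


def safe_resolve(root: str, requested: str) -> str:
    """Hardened: resolve symlinks and '..' on both sides, then require the result
    to stay inside root. Absolute paths fall outside root and are rejected too.
    Raises ValueError on any escape attempt."""
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, requested))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path escapes library root: {requested!r}")
    return candidate


def demo() -> dict:
    """Builds a constructed library tree in a temp dir and probes both functions."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "libs")
        Path(root, "jquery").mkdir(parents=True)
        Path(root, "jquery", "jquery.min.js").write_text("/* constructed */")
        # A file outside the served tree, plus a symlink planted inside the tree
        # that points at it: realpath-based checks must catch this as well.
        Path(tmp, "secret.txt").write_text("constructed secret")
        os.symlink(os.path.join(tmp, "secret.txt"), os.path.join(root, "jquery", "link"))

        results = {}
        results["normal_ok"] = safe_resolve(root, "jquery/jquery.min.js").endswith("jquery.min.js")
        # The naive join happily produces a path under tmp, outside the library root.
        results["naive_escapes"] = not naive_join(root, "../secret.txt").startswith(root + os.sep)
        for probe in ("../secret.txt", "/etc/passwd", "jquery/../../secret.txt", "jquery/link"):
            try:
                safe_resolve(root, probe)
                results[probe] = "allowed"
            except ValueError:
                results[probe] = "blocked"
        return results


if __name__ == "__main__":
    print(demo())
```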
The sheer magnitude of the “could have been” is truly frightening. The exploit could have been initiated by publishing packages to cdnjs via GitHub and npm. Since cdnjs uses an automated library update, the flaw could have spread to any of the millions of websites that rely on cdnjs.
The flaw was NOT discovered by GitHub or Cloudflare; instead, it was discovered by an independent researcher who blogs under the name “RyotaK”. The researcher participated in a Cloudflare-sponsored “vulnerability disclosure program” on HackerOne, which allows hackers to conduct independent vulnerability assessments and report their findings to Cloudflare.
The vulnerability had been there for at least two months: RyotaK notified Cloudflare of the flaw on April 6, 2021, and the company did not apply a full patch until June 3, although a secondary patch was applied the next day, April 7. Additionally, when RyotaK demonstrated the vulnerability by exploiting it, GitHub recognized that there was an issue and sent an alert to Cloudflare. However, hackers who, unlike RyotaK, were concerned about detection could have exploited the vulnerability in a way that would not have raised alerts.
In cases where the IT infrastructure contains or propagates vulnerabilities, it is very difficult for an individual business to protect itself. In this case, up to 12% of websites could have been compromised, perhaps themselves becoming distributors of malware to endpoints and networks, through the web browsers of users unlucky enough to visit the hacked website. Sites that were “known” on the basis of reputation information, and therefore authorized by SWGs (Secure Web Gateways), could potentially have become malicious overnight.
Almost two years ago, Gartner mentioned in its SWG Magic Quadrant report that some very security-conscious organizations have completely replaced their SWGs with RBI technology. Announcements like Cloudflare’s recent one support the wisdom of this strategy. The cdnjs vulnerability highlights the need for a strong and multifaceted approach to cybersecurity.
One thing’s for sure (along with death and taxes): web-related vulnerabilities will always exist, in addition to those associated with web browsers themselves, as described in Nick Kael’s recent blog post on Chrome zero-days. As such, network security professionals need to bring their “A-game” to web security. And website owners should make sure to keep an eye on their software supply chain vendors and act quickly and responsibly to patch any vulnerabilities that arise.
The post Cloudflare Vulnerability Enabled Compromise of 12% of all websites appeared first on Ericom Blog.
*** This is a syndicated Security Bloggers Network blog from Ericom Blog written by GERRY GREALISH. Read the original post at: https://blog.ericom.com/cloudflare-vulnerability-enabled-compromise-of-12-of-all-websites/?utm_source=rss&utm_medium=rss&utm_campaign=cloudflare-vulnerability-enabled-compromise-of-12-of-all-sites