Improving large language models offer ‘just one more way to attack code, and one more way to defend code’

Improving large language models offer ‘just one more way to attack code, and one more way to defend code’

A supposed security researcher has tried and failed to file an apparently bogus cryptocurrency vulnerability with the help of ChatGPT, the latest and most eerily impressive large language model (LLM) from OpenAI.

The report of the ‘bug’ in OUSD stablecoin was sent to Daniel Von Fange, a distributed systems engineer who contributes to several cryptocurrency code repositories. After a bit of back and forth, it became clear to Von Fange that his interlocutor was at least partly a bot.

**A bug that doesn’t exist**

The first report claimed that two important access control modifiers in the OUSD implementation were “not defined anywhere in the code”. As a result, the reporter warned, anyone could potentially call these functions and “access or manipulate the \[smart\] contract’s assets in unintended ways”.

The report also contains several paragraphs on the impact of the bug and possible remedies.

The claims were obviously bogus, Von Fange told The Daily Swig, because the code would neither compile nor deploy if it tried to call internal code that wasn’t there.

“I first assumed that it was a new bounty hunter who didn’t know that contracts could inherit code from other contracts,” Von Fange said. “While it was obviously a wrong report, I still checked that the code was actually there, and sent a link back to the reporter. We try to be both fast and paranoid about security reports.”

**A stubborn reporter that gets the facts wrong**

After Von Fange replied that the modifiers were inherited from another module, the bug reporter persisted by providing a code snippet that purportedly demonstrated exploitability.

Again, Von Fange tested the code and proved that the exploit did not work. However, the reporter returned with another long description, which still got the facts wrong.

RELATED Take threats against machine learning systems seriously, security firm warns

“I was most surprised by the mixture of clear writing and logic, but built off an ignorance of 101-level coding basics,” he said. “It’s like someone with all the swagger and sponsor-covered nomex of a NASCAR driver, but who can’t find the steering wheel in a pickup truck.”

At this point, Von Fange became almost certain that he was dealing with an AI bot and finished the conversation with: “Nice try, ChatGPT”. The reporter later confirmed to Von Fange that ChatGPT was being used in the reports but nevertheless demanded a bounty for the ‘vulnerabilities’.

**Unmasking ChatGPT**

“What actually tipped me off was the inconstancy between emails – each email seemed to pretend we were discussing a different bug, and each was a bug based on nonsensical premises, and each set of code sent along to prove the issues was valueless,” Von Fange said.

It’s not unusual for people to send bug reports that could never happen, or code that proves nothing, he continued.

“But humans don’t usually forget the context of what you have been talking about, and low-effort bounty hunters usually go elsewhere as soon as they realize they are dealing with someone who has seen through a bogus submission,” he added.

On Twitter, Von Fange described ChatGPT’s report as “plausible text and impacts wrapped in magnificent misunderstandings of the basics”.

This description of ChatGPT’s capabilities and limitations reflects observations of the LLM made by AI experts.

Exposed to enormous volumes of text and guidance from human trainers, the large language model can compose prose that is grammatically correct and mostly coherent. However, it often lacks basic facts, common sense, and other knowledge that is not clearly defined in its training text.

**LLMs and the future of bug hunting**

LLMs have proven to be useful for programming. Codex, another language model developed by OpenAI, is very good at autocompleting lines or generating complete blocks of code.

However, existing LLMs also have distinct constraints when it comes to logic and reasoning.

“I think the current LLMs are good at finding plausible reasons why code might have a vulnerability,” Von Fange said. “The big missing piece is determining if that vulnerability is actually there.”

A bigger breakthrough will come when the AI can automatically write and run code to verify if the vulnerability can actually be exploited, Von Fange believes.

“Of course, bad guys will hook this up to automatically exploit code once when a vulnerability is discovered,” he said. “This will be an arms race between the good guys and the bad guys.

“But that is what security always has been. There is no silver bullet, just one more way to attack code, and one more way to defend code.”

RECOMMENDED Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover

ChatGPT bid for bogus crypto bug bounty is thwarted

Five vendors act to thwart generic hack

Security researchers have developed a technique that prevents web application firewalls (WAFs) from detecting SQL injection attacks.

Several leading vendors’ WAFs failed to support JSON syntax in their SQL injection inspection process, allowing security researchers from Claroty’s Team82 to “prepend JSON syntax to a SQL statement that blinded a WAF to the malicious code”.

The hack worked against WAFs from five leading vendors: Palo Alto Networks, Amazon Web Services, Cloudflare, F5, and Imperva.

All five have updated their products to support JSON syntax in their SQL injection inspection process, clearing the way for Claroty to publish a technical blog post detailing its research.

Catch up with the latest security research news

Prior to recent security updates, attackers using the JSON-based hack would have been able to bypass the WAF’s protection in attempts to exfiltrate data or mount other potential attacks.

“Major WAF vendors lacked JSON support in their products, despite it being supported by most database engines for a decade,” Claroty notes.

“We believe that other vendors’ products may be affected, and that reviews for JSON support should be carried out.”

JSON is a standard file and data exchange format, often used to exchange data between a server and a web application.

The generic WAF bypass was covered by Team82 during the course of unrelated research (specifically into Cambium Networks’ wireless device management platform) that was being thwarted by a web application firewall.

IoT and OT processes that are monitored and managed from the cloud are most at risk from the issue, according to Claroty. “Organizations should ensure they’re running updated versions of security tools in order to block these bypass attempts,” it advised.

The Daily Swig asked Claroty to clarify what classes of security tools might be vulnerable to this kind of exploit, among other questions. No word back as yet but we’ll update this story as and when more information comes to hand.

YOU MIGHT ALSO LIKE Go SAML library vulnerable to authentication bypass

JSON syntax hack allowed SQL injection payloads to be smuggled past WAFs

‘Not a prototype pollution vulnerability as you might normally understand it’

Ben Dickson 08 December 2022 at 13:57 UTC

‘Not a prototype pollution vulnerability as you might normally understand it’

NodeBB, a Node.js platform for creating forum applications, has patched a prototype pollution vulnerability that could allow attackers to impersonate other users and take over administrator accounts.

The vulnerability was caused by the mishandling of JavaScript’s flexibility in changing object prototypes at runtime.

**Exploiting sockets**

NodeBB uses Socket.IO, a JavaScript library that allows Node.js applications to use web sockets in order to enable asynchronous, bidirectional communications between client and server and a more fluid chat experience.

However, NodeBB developers had used an object definition that could allow attackers to misuse Socket.IO’s objects. The maintainers of NodeBB told The Daily Swig that they have released only limited information about the bug to give developers some time to update their applications.

DON’T MISS Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover

However, Barış Uşaklı, one of those maintainers, did confirm that “the issue has a big impact since it allows an attacker to impersonate other users or make Socket.IO calls as an administrator”.

On a default NodeBB installation, the vulnerability could allow an unauthenticated user to obtain admin access to the application. If the instance had enabled plugins with additional checks, such as two-factor authentication, then the impact would be more limited and require authenticated access to the application.

Uşaklı said there is no evidence that the bug has been exploited in the wild. The maintainers patched the issue on the same day it was reported and on their hosted clients the next day.

**Not your average prototype pollution bug**

JavaScript applications are prone to prototype pollution when a carefully crafted payload – usually an input provided by users – can modify the prototype of JavaScript objects and change the application’s behavior.

However, the NodeBB bug differs from typical flaws in this bug class.

“This is not a prototype pollution vulnerability as you might normally understand it,” Stephen Bradshaw, the security researcher who discovered and reported the bug, told The Daily Swig.

RECOMMENDED Prototype pollution: The dangerous, underrated vulnerability impacting JavaScript applications

“In this case, access to the prototype of an object that was responsible for whitelisting functions run through the Socket.IO interface could be abused to modify the application’s environment in such a way that elevation of privileges was possible.”

Per agreement with NodeBB maintainers, Bradshaw has delayed publication of his write-up and full exploitation details until January.

**Be careful how you declare your objects**

The patch for the bug was a simple one-line modification that changed the method used to declare one of the objects.

“The main takeaway from the issue and the fix is that it is a bad idea to use a plain JavaScript object (i.e., ) if the properties of this object are going to be accessed by values provided by the end user,” Uşaklı said.

The silver lining is that patching NodeBB instances is fairly easy. In case developers can’t upgrade their applications to the latest version, they can cherry-pick the patch commit and just receive the security fix.

Bradshaw said that it’s important for security assessors and developers to “understand ‘weird’ features of the programming language” when coding and reviewing an application.

“Prototype inheritance in JavaScript is a prime example of this – it’s a language-specific issue that could lead to vulnerabilities, so devs writing JavaScript in particular need to be aware of it,” Bradshaw said.

RELATED Critical vulnerabilities in open source forum software NodeBB could lead to RCE

NodeBB prototype pollution flaw could lead to account takeover

Empower buyers and stop fixating about zero-days, conference attendees told

Empower buyers and stop fixating about zero-days, conference attendees told

  

Steps towards building a defendable internet are possible, but to get there the industry needs to accept baseline security regulations and move away from a fixation about zero-day vulnerabilities.

Opening the Black Hat Europe conference on Tuesday, security researcher Daniel Cuthbert praised security improvements gained with the wider adoption of cloud computing, improvements in iOS, and tighter web security controls in Google Chrome, among other developments.

One problem, however, is that these improvements are not feeding down to provide improvements in security practices more generally.

Read more of the latest news about Black Hat conference

Cuthbert posed the question: “Does good security mean a lock-in approach or are we actually capable of building an open, transparent, and yet secure internet for all to enjoy?”

According to Cuthbert, the industry is too fixated on zero-days, despite most cyber-attacks still proving successful using run-of-the-mill techniques such as phishing.

“During Covid we saw a lot of people tear apart products to look for bugs,” Cuthbert said. “A lot of criminals did too.”

There were 32 zero-days recorded in 2019, according to figures cited by Cuthbert. This figure dropped to 30 in 2021 before rising to 70 in 2021.

“Lots of zero-days arise because vendors failed to fix bugs,” according to Cuthbert.

Because zero-day exploits can be a weapon in the hands of cybercriminals or spies, researchers need to be more responsible and release detection methods alongside proof-of-concept exploits when they release research, according to Cuthbert.

**Knee jerk reactions need to stop**

Cuthbert criticized the industry for falling into a cycle of offering tools to overcome the shortcomings of earlier security products rather than attempting to identify and address the root cause of problems.

For example, the shortcomings of first-generation firewalls were addressed with the development of web application firewalls – a class of product that has itself been a source of security problems.

Cuthbert said: “Can we stop the cycle of building tools to fix the tools that aren’t secure enough?”

The researcher also criticized the industry from blaming end users – such as, as he put it, ‘Dave from accounts’ – for falling victim to phishing attacks.

Buyers currently have no meaningful influence on the security of products, a trend that needs to change.

Vendors should also be asked hard questions about threat modeling, supply chain security, and should be pushed to use memory safe languages during the procurement process.

YOU MAY ALSO LIKE Cybersecurity conferences 2022: A rundown of online, in person, and ‘hybrid’ events

Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

Adam Bannister 02 December 2022 at 17:19 UTC  
Updated: 02 December 2022 at 17:20 UTC

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

Our inaugural web security roundup begins with the news that thousands of applications were found to be leaking API keys for Algolia.

Algolia technology is used by the likes of Lacoste, Stripe, and Slack, to incorporate search, discovery, and recommendations into web, voice, and mobile applications.

Researchers from CloudSEK found 1,500 apps leaking Algolia API keys, 32 of which had hardcoded keys that could allow attackers to steal or delete the data of millions of users. Vulnerable data included IP addresses, access details, and analytics data.

Meanwhile, maintainers of open source repositories can now receive private vulnerability reports, remediate them, and issue CVEs via GitHub, the Microsoft-owned software development platform announced at the GitHub Universe conference.

The news went down well with at least one infosec pro, with vulnerability researcher and The Daily Swig interviewee Alex Chapman calling it an “amazing feature”.

Staying with vulnerability management, the US Cybersecurity and Infrastructure Security Agency (CISA) has set out a three-step process for enhancing vulnerability management, including leveraging the vulnerability exploitability exchange (VEX), a form of security advisory index recently featured on The Daily Swig that focuses on the exploitability of flaws within applications.

CISA has also published a study on the effectiveness of the CVSS base score equation that concluded that the metric closely – albeit not perfectly – represents the CVSS maintainers’ expert opinion.

The Daily Swig also recently reported on system config issues in flavor-of-the-month social networking platform Mastodon, Tailscale VPN nodes being vulnerable to DNS rebinding, and how the Go SAML library was affected by an authentication bypass, among other news.

Here are some more web security stories and other cybersecurity news that caught our attention in the last fortnight:

**Web vulnerabilities**

*   Apache Commons BCEL / CVE-2022-42920 / CVSS 9.8 / Out-of-bounds writing issue impacting APIs could give attackers greater control of resulting bytecode
*   Apache MINA SSHD / CVE-2022-45047 / CVSS 9.8 / Unsafe Java deserialization / Patched
*   Flarum / CVE-2022-41938 / CVSS 9.0 / cross site-scripting XSS allowed injection of malicious HTML markup using discussion title input, either by creating a new discussion or renaming one / Patched November 21
*   TiDB / CVE-2022-3023 / CVSS 9.8 / Data source name injection could lead to arbitrary file reads / Patched November 17
**Research and attack techniques**

*   Sonar published a three-part series documenting vulnerabilities in IT Infrastructure monitoring tool Checkmk and its NagVis integration. These flaws could be chained to seize control of servers
*   Platform certificates used to sign system apps on Android builds have been maliciously leaked and used to sign malicious Android apps – “Folks, this is bad. Very, very bad”, tweeted one Android expert
*   Software engineer Tom Forbes uncovered a serious oversight by IT firm Infosys whereby a file was accidentally published to PyPi – and accessible for more than a year – containing AWS keys to an S3 bucket potentially containing patient data from Johns Hopkins University

TikTok is proving a useful vehicle for social engineering

  
*   Cybercriminals are tricking TikTok users into downloading malware with the promise of removing invisibility filters from nude photos, Checkmarx reveals – with TikTok videos posted by the attacker gathering over a million views in just two days
*   Hacker extraordinaire Sam Curry revealed that he was part of a team that uncovered 100 vulnerabilities – 50 rated critical – on agricultural equipment supplier John Deere’s security program, with technical details in the pipeline

**Bug bounty / vulnerability disclosure**

*   HackerOne’s leading Australian hacker and number 30 on its worldwide leaderboard Shubham Shah has published a deep dive on what it takes to succeed as a bug bounty hunter
*   Belgium-based bug bounty and pen testing platform Intigriti launched a Bug Bounty Calculator, as reported in our monthly Bug Bounty Radar
*   Idaho launched a vulnerability disclosure policy for election websites, becoming the fourth US state to launch a vulnerability disclosure policy, reports Statescoop

**New open source infosec/hacking tools**

*   Mi-X – Determines your system’s potential vulnerability to flaws by evaluating runtime execution, configuration, permissions, mitigations, OS, and other relevant variables
*   GuardDog – Identifies malicious Python packages using Semgrep and package metadata analysis
*   Legitify – Detect and remediate misconfigurations plus security and compliance issues across your GitHub assets
*   inTheWild – Vulnerability feed that documents reports of CVEs being exploited in the wild
*   APTRS (Automated Penetration Testing Reporting System) – Python and Django tool for tracking projects and vulnerabilities and creating reports without using DOCX files

**For devs**

*   The US’s National Security Agency (NSA) has released guidance (PDF) urging developers to abandon “programming languages that provide little or no inherent memory protection, such as C/C++, to a memory safe language when possible”

RECOMMENDED Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles

Deserialized web security roundup: Algolia API key leak, GitHub CVE reporting, scoring CVSS scores 

An attacker could masquerade as an authenticated user without presenting credentials

Ben Dickson 02 December 2022 at 11:06 UTC

An attacker could masquerade as an authenticated user without presenting credentials

  

An open source Go implementation of the SAML protocol has patched a critical vulnerability that could allow attackers to bypass authentication in applications that used the library.

SAML is a popular XML-based standard for passing authentication information between identity providers and service providers. SAML is one of the protocols used for single sign-on (SSO), where users use a single identity provider to sign into different applications.

**SAML assertions blobs**

An SAML assertion is a blob of XML exchanged between the identity provider and the service provider. The SAML assertion includes the user’s identity information and the resources they should have access to.

“Because \[the SAML assertion\] passes through the user, this blob needs to be signed. The spec allows the whole blob to be signed or just a part of it,” Ross Kinder, the maintainer of SAML library for Go, told The Daily Swig.

**Bypassing authentication with multiple assertions**

The Go SAML library worked well when an XML blob contains a single assertion, which is what happens most of the time. However, SAML also supports processing multiple assertions in a single blob, which could complicate things.

“If you construct a blob with one signed assertion and one unsigned assertion, you could trick the library into processing the unsigned assertion as if it were signed,” Kinder said.

If a Go program relied on the library for authentication, an attacker could masquerade as an authenticated user without presenting credentials.

“Once you know the vulnerability, the exploit is trivial,” Kinder said.

**SAML security is tricky**

The vulnerability has been patched in version 0.49 of the library. SAML security is tricky and several vulnerabilities have been identified in the protocol and its implementations in recent years.

“The SAML protocol has some significant design deficiencies that stem from it being extremely complex and supporting lots of different modes and options,” Kinder said. “This makes secure implementation of the protocol much more difficult than if the protocol were simpler. Unfortunately, SAML is widely deployed despite its flaws and so we’re kind of stuck with it.”

YOU MAY ALSO LIKE Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles

Go SAML library vulnerable to authentication bypass

Vehicles made after 2012 were vulnerable to web app exploit

Charlie Osborne 01 December 2022 at 14:30 UTC  
Updated: 01 December 2022 at 15:51 UTC

Vehicles made after 2012 were vulnerable to web app exploit

  

Researchers have disclosed a critical issue in Hyundai and Genesis vehicles that could be exploited to remotely control a car.

Yuga Labs staff security engineer Sam Curry reported the findings on a Twitter thread this week (November 29), noting that the bug allowed the team to “remotely control the locks, engine, horn, headlights, and trunk of vehicles made after 2012”.

A bug bounty hunter under the moniker \_specters\_ acted as a mock car thief (with his own Hyundai vehicle) for the project by Curry and other researchers.

Read more of the latest web security vulnerability news

Curry noted that recent cybersecurity research on vehicles tends to focus on cryptographic assaults on physical keys but that, novel exploits aside, the websites and apps supporting modern communication protocols and controls may have been overlooked.

For example, the Hyundai and Genesis mobile device apps allow authenticated users to manage functions, including starting or stopping and locking or unlocking their vehicles, which could be a serious problem if compromised.

Using Burp Suite, the researchers proxied app traffic and monitored API calls, seeking an entry point.

Curry explained that there appeared to be a ‘pre-flight’ check when JSON Web Tokens (JWTs) were generated during an app’s email/password credential check.

However, as the server did not require email address confirmation, it was possible to add a CRLF character to the end of an existing victim email address during registration and create an account that bypassed the JWT and email parameter check.

The app’s HTTP response returned the victim’s vehicle identification number (VIN) during testing. Curry then sent an HTTP request with the crafted account details, and after a few seconds, Specters confirmed his car had been remotely unlocked.

**In the driver’s seat**

In itself, the attack chain required many requests. The researchers, therefore, created a Python proof-of-concept (PoC) script compiling these steps – and according to a video of the script in action, an email address is all that is required to launch an attack.

Actions that the team carried out included:

● Remotely flashing the victim’s vehicle’s headlights.

● Honking the horn.

● Starting or stopping the engine.

● Locking or unlocking the car.

● Changing a PIN.

● Unlocking the boot.

Speaking to The Daily Swig, Curry said the vulnerability was disclosed to Hyundai roughly two months ago as part of a package of telematics issues impacting different car manufacturers related to SiriusXM remote management software.

As part of a coordinated vulnerability disclosure program, a fix was issued before the vulnerability was made public.

**Fuel for thought**

While Curry said the project was “mainly for fun”, commenting on the research, Specters said:

“I do want to highlight we started this research because we all recognized that embedded security for vehicles was getting increasingly better but application security was lagging behind by a large margin. We wanted to push that change and hope we did.”

YOU MAY ALSO LIKE Million-dollar bug bounties: The rise of record-breaking payouts

Critical vulnerability allowed attackers to remotely unlock, control Hyundai, Genesis vehicles

New web targets for the discerning hacker

New web targets for the discerning hacker

Bug bounty platform HackerOne has launched a scheme to encourage customers to adopt a standard policy geared towards protecting hackers from potential legal problems.

The Gold Standard Safe Harbor (GSSH) is designed to be “short, broad, \[and\] easily-understood”, according to HackerOne.

Many bug bounty and vulnerability disclosure programs offer safe harbor agreements that allow hackers acting in good faith to do their thing. HackerOne’s standard policy is designed to collate best practices while reducing the administrative burden for hackers, who will have no need to scrutinize the terms and conditions of targets before looking for in-scope vulnerabilities.

European crowdsourced security platform Intigriti, meanwhile, has launched Bug Bounty Calculator, a tool designed to help bug bounty program owners pitch their payout rates at the appropriate level.

To generate reward suggestions program providers select their industry and describe their assets in terms of risk level, maturity level, and incentive curve.

Inti de Ceukelaire, head of hackers at Intigriti, explained why he built the tool: “Anyone can set up a bug bounty program, but if you aren’t sure what you’re doing, you may pay too much for vulnerabilities. Even worse, set your bounties too low and you may not attract any researchers at all.”

The maximum payout awards under a growing number of programs have reached $1 million and more. Earlier this week The Daily Swig took a closer look into these high potential reward programs and discovered that market forces, in particular a scarcity of skilled talent, are driving up the value of rewards offered.

Web 3.0 and crypto platforms, in particular, are competing to offer dazzlingly high potential rewards. However, experts questioned by The Daily Swig pointed out the rarity of firms in this arena actually paying out seven-figure sums, which suggests some are offering enormous potential bounties in an attempt to court publicity.

Against this are several examples of six-figure payouts by more established tech vendors such as Apple and Intel. However, HackerOne reports that the median payouts for critical vulnerabilities comes in at $3,000 – a figure worth bearing in mind by anyone tempted to quit their day job in pursuit of greater riches on the bug bounty circuit.

An example of an interesting flaw on the lower end of the scale dropped early in November when a researcher revealed that they had earned a $250 bug bounty payout after discovering a code injection flaw in Acronis’ cloud management console that could be abused for data theft.

On November 4, ‘Medi’ (under the alias ‘mr-medi’), published a technical analysis of the client-side path traversal flaw, which they described as the “favorite bug” they’d ever found.

**The latest bug bounty programs for December 2022**

The past month saw the arrival of several new bug bounty programs. Here’s a list of the latest entries:

**Abraxas (enhanced)**

**Program provider:  
**Bug Bounty Switzerland

**Program type:  
**Public

**Max reward:  
**CHF 30,000 ($26,167)

**Outline:  
**Abraxas, which provides IT services for the government and public sector in Switzerland, has tripled maximum payouts from 10,000 Swiss francs to 30,000 francs.

**Notes:  
**Program has a particular focus on vulnerabilities that could enable attackers to manipulate the outcome of Swiss elections.

Check out the Abraxas bug bounty page for more details

**Amber AI**

**Program provider:  
**HackerOne

**Program type:  
**Public

**Max reward:  
**$5,000

**Outline:  
**AMBER AI, a “crypto-finance service provider”, is offering between $2,500 and $5,000 for the submission of valid critical bugs.

**Notes:  
**Vulnerabilities in AMBER AI’s core business services qualify for the highest payout tier but the web 3.0 business is also interested in a wide range of web security vulnerabilities such as SQL injection, CSRF, and denial-of-service issues.

Check out the AMBER AI bug bounty page for more details

**Expedia Group**

**Program provider:  
**HackerOne

**Program type:  
**Public

**Max reward:  
**$5,000

**Outline:  
**Expedia runs a portfolio of travel websites that offer hotel, flight booking, and more.

**Notes:  
**A range of targets are in scope including hotels.com. orbitz.com, and expedia.com.

Check out the Expedia Group bug bounty page for more details

**Magic Eden**

**Program provider:  
**HackerOne

**Program type:  
**Public

**Max reward:  
**$2,500

**Outline:  
**Magic Eden styles itself as a community-centric NFT marketplace.

**Notes:  
**The bug bounty program is focused on smart contracts and on guarding against the freezing of funds, direct theft, denial of business function, or other attacks that interfere with the smooth operation of the marketplace.

Check out the Magic Eden bug bounty page for more details

**Teleport**

**Program provider:  
**HackerOne

**Program type:  
**Public

**Max reward:  
**$5,000

**Outline:**

Teleport offers open source technology based around the zero trust model and designed for the administration of servers and cloud-based applications.

**Notes:  
**Vulnerabilities in both the on-premises software and cloud-based versions of Teleport’s technologies fall within the scope of the program.

Check out the Teleport bug bounty page for more details

**ThousandEyes**

**Program provider:  
**Bugcrowd

**Program type:  
**Public

**Max reward:  
**$4,500

**Outline:  
**ThousandEyes, which offers network intelligence software, has invited elite hackers to probe five targets for security flaws.

**Notes:  
**In-scope targets include ThousandEyes' website, application platform, customer-accessible API, and enterprise and agent software. The firm reopened its previously dormant bug bounty program in late November.

Check out the ThousandEyes bug bounty page for more details

**ZeroBounce**

**Program provider:  
**HackerOne

**Program type:  
**Public

**Max reward:  
**$3,000

**Outline:  
**ZeroBounce offers email marketing services, targeted towards the needs of enterprise customers.

**Notes:  
**A broad array of web security vulnerability (such as XSS) on the zerobounce.in domain and flaws in the associated API library (api.zerobounce.in) are within scope.

Check out the ThousandEyes bug bounty page for more details

PREVIOUS EDITION Bug Bounty Radar // The latest bug bounty programs for November 2022

Bug Bounty Radar // The latest bug bounty programs for December 2022

Users should manually update to the latest version now

Users should manually update to the latest version now

  

UPDATED A series of flaws in Tailscale, an open source mesh virtual private network (VPN) software, could allow attackers to stage remote code execution (RCE) attacks against VPN nodes.

Tailscale depends on multiple services. The main process, called tailscaled, does the work of connecting nodes and sending/receiving packets.

There is a separate process that provides a user interface and a tray icon to configure and monitor the services. This front-end interface communicates with the tailscaled service through an HTTP API called .

**From DNS rebinding to control plane takeover**

If a malicious website tries to send a JavaScript command to the Tailscale LocalAPI, the browser’s Same-Origin policy will prevent it.

However, according to the findings of security researcher Emily Trau and Jamie McClymont, if the attacker manages to perform a DNS rebinding attack on the Tailscale node, they will be able to map their malicious domain to the local IP and send arbitrary commands to the .

“Rebinding is a bug with very niche applicability (HTTP services listening on private networks with no explicit authentication), usually discussed in the context of IoT devices,” McClymont told The Daily Swig. “It’s the type of thing there are talks about it at hacker conferences and such, and yet I’ve never encountered a situation where it’s exploitable during a pentest job.”

The does not authenticate client requests aside from verifying that they’re coming from the same user that is running the Tailscale GUI.

The malicious website can exploit this feature to change the Tailscale “control plane” to an arbitrary server. The “control plane” is the server that stores the public keys of the VPN nodes (also called the tailnet).

**In a tailspin**

As the tailnet administrator, the attacker can now enable Taildrop, a feature that allows users to send files between their devices on a Tailscale network.

Using Taildrop, the attacker can then send an arbitrary executable to the victim’s desktop without marking it as originating from the web, which means Tailscale will be able to launch it without requiring user interaction.

To execute the payload, the attacker can use another feature of the control plane, which demands the Tailscale node to reauthenticate itself when trying to perform a privileged action. The re-authentication prompt includes an address that is forwarded to the GUI and runs it in the browser.

To run the file, the attacker will need to have its full path, which requires knowledge of the victim’s username. To obtain the victim’s username, the attacker can prompt for an SMB path through the Tailscale network. This will send the Windows username to the attacker-controlled tailnet server.

“For the Windows RCE chain, you just need to click a link to an attacker-controlled webpage, or for the malicious Javascript to be served up to you some other way (e.g. malicious JS embedded in an ad on a legit site, or an XSS bug in legit site being exploited to add the malicious code),” McClymont said.

If you were running a stable Tailscale version, the exploit will lie dormant until you next restart Tailscale or reboot your machine, at which point the RCE happens.

“You could argue this is still zero interaction since Windows Update will automatically reboot without interaction eventually,” McClymont said. “If you had the unstable pre-release Tailscale version from right before we found the bugs, we could trigger the exploit immediately without waiting for a reboot.”

**A catch on DNS rebinding**

A recent modification to the policy forbids rebinding a site that was hosted on a public IP to a private IP space. This prevents the attacker from rebinding an internet-hosted malicious website to a local IP address.

But it is still applicable if the attacker is on the same network as the victim. Also, the Firefox browser does not apply the private network address restriction, which makes it vulnerable to internet-hosted attacks.

Moreover, Trau found that PeerAPI, another Tailscale component, runs on the 100.100.100.100 IP and was vulnerable to rebinding, which would give the attacker another pathway to .

Also, if the attacker sends multiple files to the victim’s device through Taildrop, some of them will fail to reach their destination and will remain in a temporary location that is reachable through web calls without private network access restrictions.

Trau published a proof-of-concept video of the attack. Windows machines are especially vulnerable to different variations of the attack. Other operating systems can also be exploited under special circumstances.

The issues have been solved in the latest version of Tailscale. Since Tailscale does not automatically update itself, users should make sure they are running v1.32.3 or later.

“If you’re running HTTP services over Tailscale which rely on Tailscale for authentication (they don’t have their own login page etc.), you need to harden them against rebinding attacks, either by allowlisting Host headers or by running those services only on HTTPS,” McClymont said.

This article has been updated to include comment from researchers.

RECOMMENDED Intel disputes seriousness of Data Centre Manager authentication flaw

Tailscale VPN nodes vulnerable to DNS rebinding, RCE

Security researcher scores $10K bug bounty

John Leyden 29 November 2022 at 16:30 UTC

Security researcher scores $10K bug bounty

A security researcher has released details of how they were able to hack Intel’s Data Center Manager (DCM).

More specifically, Julien Ahrens of RCE Security succeeded in bypassing Intel DCM’s authentication by spoofing Kerberos and LDAP (Lightweight Directory Access Protocol) responses, creating an exploit chain that they claim yielded remote code execution (RCE) in the process.

Intel acknowledges that Ahrens uncovered a vulnerability – tracked as CVE-2022-33942 and assessed with a severity score of 8.8 – but disputes its seriousness. According to Intel, the issue represents only a privilege elevation flaw rather an RCE risk.

“A protection mechanism failure in the Intel DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access,” a summary by Mitre Corp explained.

Despite the contended vulnerability disclosure process, Ahrens argued successfully enough for Intel to make a one-time exception and reward the researcher with a $10,000 bug bounty – much more than it would normally pay out for this class of security problem.

Catch up with the latest enterprise security news

Intel’s Data Centre Manager Console offers a real-time monitoring and management dashboard that can be used to manage an array of data center assets. Ahrens uncovered vulnerabilities in the product through a source code review of the decompiled application.

Some aspects of the painstaking work that followed and its results may be relevant to other security researchers and technology developers.

“It was the first time I discovered this kind of vulnerability, mainly because I barely looked at Active Directory-integrated software,” Ahrens told The Daily Swig.

“However, it might be the case that other vendors suffer from the same type of vulnerability if they don’t validate the user-defined authentication domain (which, however, should be done since it’s part of the overall authentication schema).”

**Technical write-up and sequel**

The researcher has published the main aspects of his findings in a detailed technical blog post that recounts the main aspects of the story. A second blog post is due out later this week.

The freelance penetration tester and security researcher added: “This specific bug also always depends on a configured Active Directory group with a well-known SID \[security identifier\] – so it does not apply to Active Directory implementations, per se.

“You could theoretically also exploit this using single user or custom group objects that don’t have a well-known SIDs, but that would require the attacker to either be able to guess, predict, or leak it somehow else.”

According to Ahrens. Intel resolved the vulnerability by enforcing LDAP-based \[controls\] and performing an additional certificate check against DCM’s internal SSL keystore, where the Active Directory CA certificate needs to be trusted.

In response to queries from The Daily Swig, Intel said it had issued a public security advisory for the issue as part of its usual process. “It’s resolved via an update to Intel® DCM software version 5.0 or later,” an Intel spokesperson added.

YOU MAY ALSO LIKE Zendesk Explore flaws opened the doors to account pillage

Source

PortSwigger