Uber has awarded an investigator $10,000 for locating a login bypass bug that associate assaulter might have wont to compromise the company’s internal network. On May 4th, Finnish investigator Jouko Pynnönen, UN agency works for the protection company Klikki Oy, submitted a report back to Uber’s bug bounty program hosted on HackerOne.
He determined however many *.uber.com websites do not use the WordPress login. Instead, they accept OneLogin, a supplier of single sign-on (SSO) and identity management services for cloud-based applications that use SAML and OpenID further as alternative formats and standards.
Uber awarded Finnish security investigator Jouko Pynnönen $10,000 for locating the flaw last month, equalling the very best bounty the corporate has paid out since it launched the program earlier this year. The exploit had 2 components, per Pynnönen, one that allowed him to bypass the system Uber uses for worker authentication, OneLogin, associated another that might have let an assaulter compromise Uber’s internal network, hosted on Atlassian’s Confluence collaboration code. Pynnönen, UN agency works for the firm Klikki Oy, told Threatpost on Tuesday that the login bug he found may well be wont to compromise a server that uses WordPress – like Uber’s PR website, newsroom.uber.com.
See additional at Uber Pays investigator $10K for Login Bypass Exploit https://wp.me/p3AjUX-uPy
According to the investigator, the WordPress plugin shipped by OneLogin contained a bug that allowed associate assaulter the flexibility to provide any username, email address, name, or role they wished. “If the username doesn’t exist already within the WordPress info, then the plugin can produce a brand new user,” Pynnönen wrote in his summary of the bug on HackerOne. On one website, eng.uber.com, he was able to produce a “Subscriber” account, whereas, on another, the newsroom.uber.com site, he was able to produce associate “Administrator” account, just by approximation the role’s name.
After he had gained administrator privileges on the Newsroom web site, he discovered that he’d be able to persist and attack the interior web site in addition, since the majority of the pages thereon internal web site, team.uberinternal.com, check with a script hosted on the Newsroom web site. The second a part of Pynnönen ’s vulnerability hinges on the flexibility to switch that JavaScript file, adrum.js, to compromise Uber’s internal network. per the man of science, Associate in Nursing wrongdoer might have achieved remote code execution via the compromised web site, as a result of JavaScript will be injected from the Newsroom web site into the Confluence atmosphere.
Pynnönen delineates a particular example during which when it’s loaded, Associate in Nursing add-on/plugin containing code can be put in, and successively a backdoor servlet can be created. Uber was fast to handle the problems – fixing them each during a day – and acknowledged Pynnonen’s work by satisfying him with the company’s most bounty. The high payout was because of the enchained JavaScript supply, one thing Uber admits “elevates the impact” of the bug. Pynnönen in-camera reported the problems at the start of could, however, the corresponding bug reports didn’t go public on HackerOne till Mon. it absolutely was the second time Pynnönen has rewarded a $10,000 bounty this year for deed an essential security bug. In January, Yahoo disclosed that it had patched an essential vulnerability in its communication the previous month that Pynnönen discovered that might have given attackers complete management of a user’s account.
See a lot of at Uber Pays man of science $10K for Login Bypass Exploit https://wp.me/p3AjUX-uPy
This guide explores the convenience of mobile printing and scanning, showing how to manage documents…
Digital document management is vital for organizations aiming to streamline operations, enhance collaboration, bolster security,…
According to statistics, people spend more and more time on the Internet. The website ecosystem…
Amazon's marketplace is an extremely fast-paced, constantly changing environment where maintaining the competition at bay…
The tips of writing an compelling extended mind thesis with our 10 insightful tips. Learn…
Transporting a vehicle from one location to another can be daunting, especially when trying to…