White Hat Security Vulnerabilities

IT / Computer Network Information Security / Vulnerability Sharing / Information Security

CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Open Redirect Web Security Vulnerability  

2015-05-14 11:45:15 | Category: Computer Security

Exploit Title: “Ping Identity Corporation” “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Web Security Vulnerability
Product: PingFederate 6.10.1 SP Endpoints
Vendor: Ping Identity Corporation
Vulnerable Versions: 6.10.1
Tested Version: 6.10.1
Advisory Publication: November 27, 2014
Latest Update: December 16, 2014
Vulnerability Type: URL Redirection to Untrusted Site [CWE-601]
CVE Reference: CVE-2014-8489
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Impact Subscore: 4.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification
Author and Writer: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)




 
Introduction Details


(1) Vendor & Product Description:

Vendor: Ping Identity

Product & Vulnerable Versions: PingFederate 6.10.1

Vendor URL & Download:

PingFederate 6.10.1 can be obtained from here:
http://documentation.pingidentity.com/display/PF66/Service+Provider+Integration



Product Introduction Overview:
"An SP is the consumer of identity attributes provided by the IdP through a SAML assertion. SP integration involves passing the identity attributes from PingFederate to the target SP application. The SP application uses this information to set a valid session or other security context for the user represented by the identity attributes. Session creation can involve a number of approaches, and as for the IdP, Ping Identity offers commercial integration kits that address the various SP scenarios. Most SP scenarios involve custom-application integration, server-agent integration, integration with an IdM product, or integration with a commercial application.

 Custom Applications: many applications use their own authentication mechanisms, typically through a database or LDAP repository, and are responsible for their own user-session management. Custom-application integration is necessary when there is limited or no access to the Web or application server hosting the application. Integration with these custom applications is handled through application-level integration kits, which allow software developers to integrate their applications with a PingFederate server acting as an SP.


With these integration kits, PingFederate sends the identity attributes from the SAML assertion to the SP application, which can then use them for its own authentication and session management. As for the IdP, application-specific integration kits include an SP agent, which resides with the SP application and provides a simple programming interface to extract the identity attributes sent from the PingFederate server. The information can be used to start a session for the SP application.


Ping Identity provides custom-application integration kits for a variety of programming environments, including: Java, .NET, PHP.


In addition, Ping Identity provides an Agentless Integration Kit, which allows developers to use direct HTTP calls to the PingFederate server to temporarily store and retrieve user attributes securely, eliminating the need for an agent interface."








(2) Vulnerability Details:
The PingFederate 6.10.1 SP Endpoints web application contains an open redirect vulnerability (Unvalidated Redirects and Forwards, URL Redirection). It allows an attacker to craft a URL that, if clicked, redirects a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are effective because the crafted URL initially appears to point at a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.

Similar vulnerabilities in related products have been reported by other researchers before, and PingFederate has patched some of them. Web Security Watch is an aggregator of security reports from various sources that aims to provide a single point of tracking for all publicly disclosed security issues that matter. "Its unique tagging system enables you to see a relevant set of tags associated with each security alert for a quick overview of the affected products. What's more, you can now subscribe to an RSS feed containing the specific tags that you are interested in - you will then only receive alerts related to those tags." It has published suggestions, advisories and solution details related to website vulnerabilities.

(2.1)
The flaw lies in the “TargetResource” parameter of the “/startSSO.ping” endpoint: the value supplied by the caller is used as the post-SSO redirect target without being validated against the SP's own site.
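The mitigation for CWE-601 on an endpoint such as /startSSO.ping is to validate the return URL before the redirect is issued. The following is an added example written for this page, not code from PingFederate or Ping Identity: a Python validator that accepts only same-site relative paths or absolute https URLs whose host is on an allow-list. The host names sp.example.com and portal.example.com, the function names, and the sample TargetResource values are constructed assumptions. It also handles the parser edge cases that commonly defeat naive checks (protocol-relative `//host`, backslash variants, userinfo tricks, non-https schemes, lookalike host suffixes, control characters).

```python
"""
Validating a post-SSO return URL (a TargetResource-style parameter).
Added example illustrating the CWE-601 mitigation; not PingFederate code.
"""
from urllib.parse import urlsplit

# Constructed assumption: the hosts the SP application legitimately lives on.
ALLOWED_HOSTS = {"sp.example.com", "portal.example.com"}
ALLOWED_SCHEMES = {"https"}
DEFAULT_TARGET = "/"  # fixed landing page used when the value is rejected


def is_safe_redirect_target(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a same-site relative path or an
    absolute https URL whose exact host is on the allow-list."""
    if not target or any(ord(c) < 0x20 or c in " \x7f" for c in target):
        # Whitespace and control characters are used to smuggle schemes past parsers.
        return False
    # Browsers treat a backslash like a slash in the authority position,
    # so normalise before parsing to catch values such as "/\evil.example".
    normalized = target.replace("\\", "/")
    parts = urlsplit(normalized)
    if parts.scheme:
        # Absolute URL: scheme must be https and the parsed host must match exactly.
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            return False
        # A userinfo component ("https://sp.example.com@evil.example/") is never legitimate here.
        if parts.username is not None or parts.password is not None:
            return False
        # .hostname is lower-cased and has the port stripped; None if the URL has no host.
        return parts.hostname in allowed_hosts
    if parts.netloc:
        # No scheme but an authority: protocol-relative "//evil.example/..."
        return False
    # Relative reference: require exactly one leading slash so the browser
    # resolves it against the SP's own origin.
    return normalized.startswith("/") and not normalized.startswith("//")


def safe_redirect_target(target: str) -> str:
    """Return `target` if it passed validation, otherwise the fixed landing page."""
    return target if is_safe_redirect_target(target) else DEFAULT_TARGET


# Constructed sample values of the kind a redirect parameter might carry.
SAMPLE_TARGETS = [
    "/app/home?x=1",
    "https://sp.example.com/app",
    "HTTPS://SP.EXAMPLE.COM:443/app",
    "//evil.example/",
    "/\\evil.example/",
    "https://sp.example.com@evil.example/",
    "https://sp.example.com.evil.example/",
    "javascript:alert(1)",
    "http://sp.example.com/app",
    "",
]


def classify_targets(targets=SAMPLE_TARGETS):
    """Return a list of (target, accepted) pairs for review or logging."""
    return [(t, is_safe_redirect_target(t)) for t in targets]


if __name__ == "__main__":
    for value, ok in classify_targets():
        print(f"{'ACCEPT' if ok else 'REJECT':6} {value!r} -> {safe_redirect_target(value)!r}")
```

Rejected values fall back to a fixed landing page rather than being echoed back to the client, and the host comparison is an exact match on the parsed hostname, so suffix lookalikes such as sp.example.com.evil.example are refused along with the authority and scheme tricks.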






Copyright © 1997-2017 NetEase, Inc.