In a previous post of this series, we showed why a private cloud is not necessarily more secure than a public one and presented a vulnerability in OpenStack. This post focuses on XSS vulnerabilities we found in Eucalyptus, a well-known Cloud Management Platform. We also demonstrate an exploit for these vulnerabilities.
The Infrastructure-as-a-Service platform Eucalyptus emerged from a research project at the University of Santa Barbara and was commercialized in 2009 by Eucalyptus Systems Inc. Eucalyptus mimics Amazon Web Services (AWS), therefore Eucalyptus can manage either Amazon or Eucalyptus VMs.
Recent research on web security and related topics. Provided and maintained by members and friends of the Chair for Network and Data Security at the Ruhr University Bochum, Faculty of Electrical Engineering and Information Technology, Horst Görtz Institute for IT-Security.
Thursday, January 8, 2015
Tuesday, January 6, 2015
Attacking SSO Part 2: Breaking OpenID in Drupal with Key Confusion
In this Post, we will describe a vulnerability in Drupal's OpenID SSO module that was shipped with Drupal Core prior Versions 6.30 and 7.26. The attack allows an attacker to login as an arbitrary user (even as an Admin), but does not require any interaction with the victim. The vulnerability was reported to the Drupal Security Team and they fixed it at the beginning of 2014 (SA-CORE-2014-001).
To detect the vulnerability, we developed a novel SSO attack technique called Key Confusion. We discovered the attack by setting up our own IdP for analyzing and attacking SSO, see Part 1 of our SSO attack series.
Subscribe to: Posts (Atom)
When evaluating the security of XML based services, one should always consider DTD based attack vectors, such as XML External Entities (XXE)...
Printers belong arguably to the most common devices we use. They are available in every household, office, company, governmental, medic...
Inspired by James Kettle 's great OWASP AppSec Europe talk on CORS misconfigurations, we decided to fiddle around with CORS security i...
One year ago, we received a contract as a PDF file. It was digitally signed. We looked at the document - ignoring the "certificate is n...
In this post, we provide a security analysis of Microsoft Rights Management Services (RMS) and present two working attacks: We complete...