Skybox Vulnerabilities

Overview

Gotham Digital Science (GDS) recently discovered multiple vulnerabilities affecting the Skybox Manager Client Application and the Skybox Server: user privilege elevation, arbitrary file upload, password hash disclosure and user enumeration. The following CVEs have been assigned:

CVE-2017-14773 - Privilege Elevation During Authentication
CVE-2017-14771 - Arbitrary File Upload
CVE-2017-14770 - Password Hash Disclosure
CVE-2017-14772 - Username Enumeration

This post describes in detail how GDS found these vulnerabilities.

Vulnerable Versions

Skybox Manager Client Application versions 8.5.500 and earlier are vulnerable. All versions are affected by CVE-2017-14772.

Details

The Skybox Manager Client is a Java thick-client application that lets you determine your network's attack surface, perform vulnerability and threat management, maintain the firewalls on your network, and manage network change requests.

When testing Java thick-client applications, it is beneficial to attach a debugger so that you can step through the application logic and bypass front-end validation. Vendors often rely only on front-end validation in the client to protect themselves from malicious input, but with a debugger attached an adversary can change variable values at run time. It is therefore up to the server to validate the user input. Having a functional client that can be manipulated in this manner is far more efficient...
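The point about client-side validation applies directly to the privilege-elevation and username-enumeration issues listed above. The following added example (not Skybox code; the user store, field names and hashing are constructed assumptions) contrasts a login handler that trusts a client-supplied role, which a debugger-modified client can set to anything, with one that takes the role only from the server's own records and answers unknown users and wrong passwords identically.

```python
# Added illustration: the server, not the thick client, must decide privileges.
# Anything the client asserts about itself can be altered in a debugger.
import hashlib
import hmac

# Constructed server-side user store (hypothetical). The 'role' stored here is
# the only source of truth. SHA-256 is used only to keep the example short;
# a real service would use a password hash such as argon2 or bcrypt.
USERS = {
    "alice": {"salt": "a1",
              "hash": hashlib.sha256(b"a1" + b"alice-pw").hexdigest(),
              "role": "user"},
    "admin": {"salt": "b2",
              "hash": hashlib.sha256(b"b2" + b"admin-pw").hexdigest(),
              "role": "admin"},
}


def check_password(username, password):
    """Return True only if the user exists and the password matches."""
    rec = USERS.get(username)
    # Always perform a comparison so an unknown username takes the same path
    # (and produces the same failure) as a wrong password: no user enumeration.
    salt = rec["salt"] if rec else "dummy"
    expected = rec["hash"] if rec else hashlib.sha256(b"no-such-user").hexdigest()
    got = hashlib.sha256(salt.encode() + password.encode()).hexdigest()
    return hmac.compare_digest(got, expected) and rec is not None


def login_trusting_client(request):
    """Vulnerable pattern: the role arrives in the login request, so a client
    whose variables were changed at run time can claim role='admin'."""
    if not check_password(request["username"], request["password"]):
        return None  # same response for unknown user and bad password
    return {"user": request["username"], "role": request.get("role", "user")}


def login_server_decides(request):
    """Hardened pattern: the role comes from the server record only; any
    client-supplied 'role' field is ignored."""
    if not check_password(request["username"], request["password"]):
        return None
    return {"user": request["username"], "role": USERS[request["username"]]["role"]}
```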