A crucial password management vulnerability (CVE-2023-4400) has been discovered in Skyhigh Secure Web Gateway (SWG), specifically in its main releases 11.x before 11.2.14, 10.x before 10.2.25, and controlled release 12.x before 12.2.1. This vulnerability exposes authentication information stored in configuration files to be extracted from the system via the SWG REST API. The underlying issue stems from SWG saving passwords in plain text within certain configuration files, thus potentially compromising the security of the affected system.

Exploit Details

The flaw lies in the way Skyhigh Secure Web Gateway manages passwords within its system, specifically in how it stores these sensitive credentials in plain text within multiple configuration files. As a result, an attacker with access to the affected system can utilize the SWG's REST API to gain unauthorized access to authentication information stored in these files.

An example of an API call that can exploit this vulnerability follows

curl -X GET "https://<IP Address>:<Port>/API/passwords" -H "content-type: application/json" -H "Authorization: Basic <Base64 Encoded Credentials>"

In this example, the attacker would replace <IP Address>, <Port>, and <Base64 Encoded Credentials> with valid information to access the target system. Upon executing the command, the attacker could potentially retrieve sensitive authentication information stored in plain text within the configuration files.

National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2023-4400

Skyhigh Networks Advisory: https://www.skyhighnetworks.com/security-advisories/CVE-2023-4400

Mitigation Steps/Recommendations

Organizations using affected versions of Skyhigh Secure Web Gateway should immediately upgrade the software to the latest patched versions (11.2.14, 10.2.25, or 12.2.1) as recommended by the vendor to prevent unauthorized access to sensitive password information.

In addition to software upgrades, organizations should ensure that proper access controls are in place for REST APIs to minimize the risk of unauthorized access. Regular audits of system configurations and adherence to best practices for password management can also help protect against similar vulnerabilities in the future.

Conclusion

Skyhigh Secure Web Gateway's CVE-2023-4400 vulnerability represents a significant risk to organizations utilizing affected versions. Immediate action should be taken to update to the suggested patched releases, implement appropriate access controls, and follow password management best practices to protect sensitive authentication information from unauthorized access.

Timeline

Published on: 09/13/2023 07:15:00 UTC
Last modified on: 09/15/2023 19:21:00 UTC