Thursday, January 8, 2015

Save Your Cloud: Exploiting Eucalyptus 4.0.0 and 4.0.1

In a previous post of this series, we showed why a private cloud is not necessarily more secure than a public one and presented a vulnerability in OpenStack. This post focuses on XSS vulnerabilities we found in Eucalyptus, a well-known Cloud Management Platform. We also demonstrate an exploit for these vulnerabilities.

The Infrastructure-as-a-Service platform Eucalyptus emerged from a research project at the University of Santa Barbara and was commercialized in 2009 by Eucalyptus Systems Inc. Eucalyptus mimics Amazon Web Services (AWS) and can therefore manage either Amazon or Eucalyptus VMs.

Tuesday, January 6, 2015

Attacking SSO Part 2: Breaking OpenID in Drupal with Key Confusion

In this post, we describe a vulnerability in Drupal's OpenID SSO module, which shipped with Drupal Core prior to versions 6.30 and 7.26. The attack allows an attacker to log in as an arbitrary user (even as an admin) and does not require any interaction with the victim. The vulnerability was reported to the Drupal Security Team, who fixed it at the beginning of 2014 (SA-CORE-2014-001).
To detect the vulnerability, we developed a novel SSO attack technique called Key Confusion. We discovered the attack by setting up our own IdP for analyzing and attacking SSO; see Part 1 of our SSO attack series.