The authentication bypass vulnerability exists in the configuration of the user’s password. In order to exploit this issue, a malicious actor must have network access to the UI via a web browser. Once exploited, a malicious user can assume the identity of another user with the same organization. As a result, database access, remote file access, email access, and any other privileged task that was assigned to the victim can be assumed.
Vendor Response
The vendor released an advisory and a software patch for the vulnerability.
Vulnerability Description and Mitigation
Adobe has released a patch for this vulnerability and it is now available to all users. The patch fixes the issue by changing the default account password recovery and adding a new, unique password to the user’s account.
Meanwhile, Adobe advises users who have already had their account compromised to reset their passwords immediately or change them from their https://accounts.adobe.com/ website.
Exploit Proof of Concept (PoC)
Exploit Proof of Concept (PoC)
The following proof-of-concept exploits the CVE-2022-31656 vulnerability. It is a web browser exploit that takes advantage of the authentication bypass vulnerability and will install malware on a victim’s machine
Step 1: The attacker must have network access to the UI via a web browser.
Step 2: Once exploited, a malicious user can assume the identity of another user with the same organization. As a result, database access, remote file access, email access, and any other privileged task that was assigned to the victim can be assumed.
Vulnerability Description and Recommendation
The vulnerability exists in the configuration of the user’s password. In order to exploit this issue, a malicious actor must have network access to the UI via a web browser. Once exploited, a malicious user can assume the identity of another user with the same organization. As a result, database access, remote file access, email access, and any other privileged task that was assigned to the victim can be assumed. This vulnerability is classified as high impact because if it is successfully exploited by an attacker, they will have full control of your company’s internal networks. There are multiple recommendations for mitigating this vulnerability. A simple mitigation would be updating your system’s password policy to require users to use complex passwords or change their passwords anytime they log into your system from an external device such as a web browser through VPN or Tor access (this prevents brute force attacks). Another mitigation could be restricting or monitoring who has login privileges and what those privileges are so that you can identify any potential attackers. This could be done through Access Control Lists (ACL), which block unauthorized users from accessing certain resources and applications on your system based on their IP address or hostname.
Timeline
Published on: 08/05/2022 16:15:00 UTC
Last modified on: 08/11/2022 16:02:00 UTC