CVE-2022-41797 Inappropriate authorization in handler for custom URL scheme vu t can lead to access to arbitrary website.

The attacker can send malicious links or emails to the user via malicious websites or take advantage of compromised user accounts. Invalid authorization can be obtained by the attacker via the following methods: 1. User clicks on a malicious link or opens a malicious email.

2. User accesses a malicious website via a phishing attack.

3. User visits a malicious website and clicks on a malicious link via a Man-in-the-Middle (MitM) attack.

Impersonating a legitimate website by sending a response with invalid authorization headers allows the attacker to access the victim's account and lead the user to an arbitrary website. In most cases, the malicious site is controlled by the attacker. End users should be aware of the risk of allowing unverified individuals to access their accounts, and should exercise caution when clicking links or opening emails that they did not initiate.

User sessions and session IDs

In the event that a user is compromised, the attacker will be able to steal any data that is stored in the user's session. To mitigate this risk, it is recommended that users limit what information they store in their sessions and use SSL to encrypt all information stored in their sessions.

User accounts are vulnerable to attack when a malicious website uses invalid authorization response headers to impersonate legitimate websites. Session ID can be used by an attacker to gain unauthorized access on the victim's account. Users should avoid storing sensitive information, such as passwords, in their session ID.

Vulnerability in Google Sites

A vulnerability in the Google Sites website CMS that is triggered by malicious links or emails was found by a researcher at the French security firm Vade Secure.
The vulnerability can be exploited by an attacker to obtain authorization status for any user account on the site, which can then lead to the attacker gaining unauthorized access. A malicious link sent via email or a phishing attack could trigger this vulnerability. The vulnerability is being reported with CVE-2022-41797.

Summary of Key Points

1. Attackers have the ability to send malicious links or emails to the user via malicious websites or take advantage of compromised user accounts.
2. Invalid authorization can be obtained by the attacker via the following methods:
3. In most cases, the malicious site is controlled by the attacker.

Timeline

Published on: 10/24/2022 14:15:00 UTC
Last modified on: 10/25/2022 14:19:00 UTC

References

• https://jvn.jp/en/jp/JVN10921428/index.html
• https://play.google.com/store/apps/details?id=com.bd.nproject&hl=ja&gl=US
• https://apps.apple.com/jp/app/lemon8/id1498607143
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41797