When a user with administrative privileges issues a request to the DiscoveryService, the system will reply with a temporary access grant.
In this temporary grant, the user will be able to access files and directories that they don’t have permission to access. The DiscoveryService is accessible to the server level user root.
However, the DiscoveryService is also accessible to the data level user datapass. By issuing a request to the DiscoveryService and supplying the credentials of the datapass user, an attacker can access the data of any server level user on the system.
A remote attacker may be able to obtain sensitive information such as encryption keys and authentication information by simply observing the authentication protocol between the DiscoveryService and the server.
It is recommended that users consider changing their DiscoveryService password.
Discovery Service Authentication Protocol
The DiscoveryService can be accessed by server level users and data level users. The DiscoveryService is accessible to the root user at the server level, and to the datapass user at the data level.
DiscoveryService Request
Password Change
If you have administrative privileges on the DiscoveryService, it is recommended that you change your DiscoveryService password.
If a remote attacker has discovered the DiscoveryService password and wants to access your server level user data, they will be able to do so by simply issuing a request to the DiscoveryService and supplying the credentials of the datapass user.
Although this method is not known, this is possible because the DiscoveryService is accessible at all levels, including within directories of other users.
Authentication/confirmation vulnerability with DiscoveryService
The DiscoveryService is accessible to the server level user root. However, by issuing a request to the DiscoveryService and supplying the credentials of the datapass user, an attacker can access the data of any server level user on the system. A remote attacker may be able to obtain sensitive information such as encryption keys and authentication information by simply observing the authentication protocol between the DiscoveryService and the server.
It is recommended that users consider changing their DiscoveryService password.
CVE-2023-42306
When a user with administrative privileges issues a request to the DiscoveryService, the system will reply with a temporary access grant.
In this temporary grant, the user will be able to access files and directories that they don’t have permission to access. The DiscoveryService is accessible to the server level user root.
However, the DiscoveryService is also accessible to the data level user datapass. By issuing a request to the DiscoveryService and supplying the credentials of the datapass user, an attacker can access the data of any server level user on the system.
A remote attacker may be able to obtain sensitive information such as encryption keys and authentication information by simply observing the authentication protocol between the Discovery Service and the server.
It is recommended that users consider changing their Discovery Service password.
Timeline
Published on: 10/03/2022 15:15:00 UTC
Last modified on: 10/04/2022 21:03:00 UTC