Vulnerability "CGI Generic Cross-Site Request Forgery Detection (potential)"


azizi hack

Aug 29, 2022, 7:45:18 AM
to Wazuh mailing list
Hello experts,

I've installed the latest Wazuh 4.3.7 on Ubuntu 22.04 running without any issue.

Unfortunately, our Tenable IO scanner has flagged another vulnerability - "CGI Generic Cross-Site Request Forgery Detection (potential)" with medium severity level.

Synopsis:
The remote web server might be prone to cross-site request forgery attacks.

Description:
Nessus has found HTML forms on the remote web server. Some CGI scripts do not appear to be protected by random tokens, a common anti-cross-site request forgery (XSRF) protection. The web application might be vulnerable to XSRF attacks. Note that:

- Nessus did not exploit the flaw.
- Nessus cannot identify sensitive actions; for example, on an online bank, consulting an account is less sensitive than transferring money.

You will need to audit the source of the CGI scripts and check if they are actually affected.

See Also
https://en.wikipedia.org/wiki/Cross-site_request_forgery

Solution:
Restrict access to the application vulnerable to cross-site request forgery. Contact the vendor for a patch or upgrade.

Please assist to resolve this issue. Thank you!

Gabriel Diaz Lopez de la Llave

Sep 5, 2022, 2:54:50 AM
to Wazuh mailing list
Hello!

As we have discussed, we believe this is a false positive.

wazuh-dashboard is based on opensearch-dashboards, which is a fork of kibana. The three share the protection mechanism against CSRF based on a custom header and the SOP policy. You can see this method described in the OWASP guide Cross-Site Request Forgery Prevention - OWASP Cheat Sheet Series

You can test it using curl like:

➜ curl -k -X POST https://dashboard/auth/login -H "content-type: application/json" -d '{"username": "user", "password": "password"}'
{"statusCode":400,"error":"Bad Request","message":"Request must contain a osd-xsrf header."}

The current backend supports the following headers:

osd-xsrf: true
osd-version: 1.2.0

to test against CSRF.

Using curl again:

➜ curl -k -X POST https://dashboard/auth/login -H "content-type: application/json" -H "osd-version: 1.2.0" -d '{"username": "user", "password": "password"}'
{"username":"user","tenants":{"global_tenant":true,"admin_tenant":true,"admin":true},"roles":["own_index","all_access"],"backendroles":["admin"]}

➜ curl -k -X POST https://dashboard/auth/login -H "content-type: application/json" -H "osd-xsrf: true" -d '{"username": "user", "password": "password"}'
{"username":"user","tenants":{"global_tenant":true,"admin_tenant":true,"admin":true},"roles":["own_index","all_access"],"backendroles":["admin"]}


Further references:

Thanks,
Gabriel
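The custom-header check Gabriel describes above, modelled as a small added example. This is not Wazuh, OpenSearch Dashboards or Kibana code: only the two header names (osd-xsrf, osd-version) and the 400 response text come from the thread. The request shape, the decision to exempt GET and HEAD, and the sample requests are assumptions made for the illustration. The point it shows is why the pattern defeats a cross-site form: a form can only send GET or POST with a form content type and cannot attach any custom header, and a cross-origin fetch() that does add one is turned into a CORS preflight that the target must explicitly approve.

```javascript
// Added example, not project code: minimal model of a custom-header CSRF check.
// Header names are from the thread; everything else is an assumption.
const XSRF_HEADERS = ['osd-xsrf', 'osd-version'];
// Assumption: read-only methods are not state-changing and are left alone.
const SAFE_METHODS = new Set(['GET', 'HEAD']);

function normalizeHeaders(headers) {
  // HTTP header names are case-insensitive, so compare in lower case.
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    out[name.toLowerCase()] = value;
  }
  return out;
}

// Returns { ok: true, reason } when the request may proceed, or a 400-shaped
// object mirroring the error body shown in the thread when it must be rejected.
function checkXsrf(req) {
  const method = String(req.method).toUpperCase();
  if (SAFE_METHODS.has(method)) {
    return { ok: true, reason: 'safe method' };
  }
  const headers = normalizeHeaders(req.headers);
  const present = XSRF_HEADERS.find((name) => name in headers);
  if (present) {
    return { ok: true, reason: `header ${present} present` };
  }
  return {
    ok: false,
    statusCode: 400,
    error: 'Bad Request',
    message: 'Request must contain a osd-xsrf header.',
  };
}

// Constructed sample requests (not captured traffic). The first three mirror
// the curl probes in the thread; the fourth is the only shape a cross-site HTML
// form can produce: POST, a form content type, and no custom header at all.
const probes = [
  { name: 'POST, no header',
    method: 'POST', headers: { 'content-type': 'application/json' } },
  { name: 'POST, osd-version',
    method: 'POST', headers: { 'content-type': 'application/json', 'osd-version': '1.2.0' } },
  { name: 'POST, osd-xsrf (mixed case)',
    method: 'post', headers: { 'Content-Type': 'application/json', 'OSD-XSRF': 'true' } },
  { name: 'cross-site form POST',
    method: 'POST', headers: { 'content-type': 'application/x-www-form-urlencoded',
                               origin: 'https://attacker.example' } },
  { name: 'GET, no header',
    method: 'GET', headers: {} },
];

function runProbes() {
  return probes.map((p) => ({ name: p.name, result: checkXsrf(p) }));
}

for (const { name, result } of runProbes()) {
  const outcome = result.ok
    ? `allowed (${result.reason})`
    : `${result.statusCode} ${result.error}: ${result.message}`;
  console.log(`${name.padEnd(28)} -> ${outcome}`);
}
```

The check is deliberately header-presence only, as the thread's curl output suggests (any value works, including osd-version). The security comes from the browser, not the value: a page on another origin cannot make the victim's browser add osd-xsrf to a request unless the dashboard's CORS policy lists that header in Access-Control-Allow-Headers, so a missing header is a reliable signal that the request did not come from the dashboard's own front end. Non-browser clients such as curl or a scanner can of course add the header, which is why Nessus cannot tell the difference and flags the forms.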