Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

ServiceNow admin credentials among hundreds of passwords exposed in cloud security blunder

More than 600 enterprises, universities, and government agencies may have inadvertently exposed their ServiceNow login credentials – many with administrator privileges – due to a vulnerability in the IT support platform.

Now patched, the security flaw centered on how the platform’s ‘Help the Help Desk’ feature requested information from endpoints and left unencrypted passwords publicly viewable on all ServiceNow instances that used the feature.

‘Entire environment compromise’

Gaining administrative access to a ServiceNow cloud instance would give an attacker free rein over customer support tickets, employee data, internal documentation, internal IT tickets, internal HR tickets, and other potentially sensitive customer information.

“Other ServiceNow features can even provide command execution on servers and workstations enrolled in various ServiceNow integrations,” said security researcher Jordan Potti in a blog post documenting his discovery.

“Given the amount of information and access ServiceNow has in many environments, this can lead directly to entire environment compromise.”

Hinder the Help Desk

ServiceNow, a cloud computing platform used by enterprises to manage digital workflows, has more than 17,000 customers.

Enterprise users can configure the Help the Help Desk feature to collect information, via a WMI script, from the endpoints of employees and customers.

According to Potti, however, “the credentials for the request were stored in a public JavaScript file on all ServiceNow instances” that used the feature.

The file was readily accessible at https://<customername>.servicenow.com/HelpTheHelpDesk.jsdbx, and the credentials were visible “at the top of the script for anyone’s viewing pleasure”.

Worse still, the base64-encoded passwords were not encrypted, even if the prefix encrypt: misleadingly indicated otherwise.

Potti added: “How this hadn’t been found before is interesting.”

Amplifying the risk

Many ServiceNow users exacerbated the security risk by using their administrator credentials when using SOAP [Simple Object Access Protocol] authentication for running the WMI script, overlooking the official documentation that outlines a process for creating an unprivileged role for the job.

As a result, the researcher discovered numerous administrator-level usernames such as sn_admin, admin, and servicenow-admin among the exposed credentials.

“In more than one case, credentials provided full admin access to ServiceNow instances that were used by global companies with bug bounty programs,” noted Potti.

Simple to GET

The researcher said simple GET requests were sufficient to determine when a host was exposing credentials.

Advertisement. Scroll to continue reading.

“Using some open source reconnaissance, a list of ServiceNow subdomains was collected and each one was issued a request for the HelpTheHelpDesk script,” he continued.

“If the httpUsername and httpPassword values were filled, the request was logged.”

The researcher unearthed the problem on August 15, 2020, and alerted ServiceNow on August 20.

The developers released a patch on October 8 and the vulnerability was publicly disclosed yesterday (February 21).

The Daily Swig has contacted ServiceNow and Jordan Potti for further comment. We will update the story if and when we receive replies.

Source: https://portswigger.net/daily-swig/servicenow-admin-credentials-among-hundreds-of-passwords-exposed-in-cloud-security-blunder

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Google has announced the first open-source quantum resilient FIDO2 security key implementation, which uses a unique ECC/Dilithium hybrid signature schema co-created with ETH Zurich....

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO