Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Java RMI services often vulnerable to SSRF attacks – research

Java RMI services can be attacked through server-side request forgery (SSRF) attacks, according to a detailed analysis of the problem by security researcher Tobias Neitzel.

Java RMI is an object-oriented Remote Procedure Call (RPC) mechanism available in most Java installations. Software developers can use the technology to make functions available over a network.

For communication, Java RMI relies on serialized Java objects – a mechanism that attackers are often able to target, despite the fact that the technology has gone through a process of hardening and tempering over recent years, Neitzel discovered.

In a detailed technical blog post, the researcher explains how default RMI components can be attacked to variable outcomes. Potential outcomes can result in remote code execution, Neitzel told The Daily Swig.

SSRF attacks in general allow an attacker to trick a server-side application to make HTTP requests to a domain selected by an attacker, a behaviour that open the door to all manner of malfeasance.

“As with all SSRF techniques, the major problem is that attackers may be able to attack RMI services that are supposed to only be accessed from trusted networks,” Neitzel explained.

“Securing RMI properly is not that intuitive and there is a lot of hidden attack surface. Instead of configuring it properly, administrators often take the easy route and only allow access from trusted networks or clients.”

Neitzel’s research demonstrated that an external attacker “may be able to exploit insecure configured internal services by utilizing an SSRF vulnerability in an external service”, among other techniques.

The most commonly used RMI service is JMX. Neitzel showed it was possible to compromise a backend JMX service via SSRF, but only providing the system returns responses from the backend service and accept arbitrary bytes within them.

Similarly, SSRF-based attacks on default RMI components, such as the RMI registry, are also possible, though only where the system allows arbitrary bytes to be sent to the backend service.

“Java RMI is a binary protocol and requires all sorts of different data types during communication,” Neitzel said.

Mitigations

Susceptibility to SSRF attacks is symptomatic of wider insecurities that are all-too commonplace.

“Services may expose dangerous methods, do not implement deserialization filters, or are outdated and contain known vulnerabilities (e.g remote class loading),” Neitzel told The Daily Swig.

The German researcher’s blog post goes on to list security best practices and counter-measures for RMI services against potential attack.

These include enabling TLS protected communication for all RMI endpoints, using deserialization filters, and adding stronger authentication controls.

Advertisement. Scroll to continue reading.

Source: https://portswigger.net/daily-swig/java-rmi-services-often-vulnerable-to-ssrf-attacks-research

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Apache has resolved a vulnerability potentially exploitable to launch remote code execution (RCE) attacks using Kafka Connect. Announced on February 8, the critical vulnerability...

Cyber Security

Security analysis tool Binwalk itself poses a security risk to users running out-of-date versions due to a path traversal vulnerability that could lead to...

Cyber Security

A trio of authentication bypass bugs stemming from the use of hardcoded keys have been patched in popular enterprise analytics platform Yellowfin BI. After...

Cyber Security

Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products....

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO