Missing Dispatcher Filters — External access not Blocked | AEM Invalidate Dispatcher Cache | mufazmi

Umair Farooqui ✪
3 min read · Sep 12, 2023


Vulnerabilities can be found in the most unexpected areas of the constantly changing field of cybersecurity. I recently had the chance to find a serious security hole in the Coutts website. The flaw was a cache invalidation bypass that could have allowed unauthorized users to access cached content and seriously compromise the security of the website. In this blog post I’ll walk you through the vulnerability’s discovery, impact, proof of concept, and mitigation measures.

The vulnerability was in the Redicted website’s Adobe Experience Manager (AEM) cache invalidation mechanism. An attacker could control the cache invalidation procedure by sending a well-crafted request to a particular endpoint. The target was as follows:

Impact

This weakness had the potential to do serious damage:

1. Unauthorised Access to Cached Content: An attacker may be able to access restricted cached content, which would reveal sensitive data.

2. Cache Poisoning: By manipulating the cache invalidation process, the attacker could inject malicious content into the cache and distribute unauthorised or hazardous material to users.

3. Denial of Service (DoS): Frequent cache invalidation could cause excessive resource consumption, which might result in a denial-of-service condition.

Proof of Concept

I did the following to illustrate the vulnerability:

1. To force cache invalidation, I used the curl command:

   curl -X 'GET' -H 'CQ-Handle: /content' 'https://www.redicted.com/dispatcher/invalidate.cache'

2. The server consistently returned the message “OK.”

Replication procedures

The vulnerability can be simulated as follows:

1. Access the following URL: https://www.redicted.com/dispatcher/invalidate.cache

2. Check the server’s response, which always includes the message “OK,” regardless of the value specified in the header “CQ-Handle.”

Mitigation Procedures

The following steps must be taken in order to protect against this vulnerability:

1. Review and update the cache invalidation logic. The AEM cache invalidation logic should be carefully evaluated and updated so that it correctly validates and authorises every cache invalidation request.

2. Implement stringent input validation and filtering techniques to stop unauthorised characters or payloads from interfering with the process of invalidating the cache.

3. Implement access controls so that only authorised users are allowed to invalidate caches.
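As an added illustration of step 3 (not code from the original post), the snippet below audits the /allowedClients section of a dispatcher.any farm, which is where the AEM dispatcher decides which client addresses may call /dispatcher/invalidate.cache. Both configuration samples are constructed, the 10.0.1.* publisher range is hypothetical, and the rule evaluation (rules checked in order, last match wins, allow when nothing matches) is my reading of dispatcher behaviour used here for the audit, not Adobe's own code.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: deny every client, then allow only loopback and a
# hypothetical publisher subnet that is permitted to flush the cache.
HARDENED_ALLOWED_CLIENTS = """
/allowedClients
  {
  /0001 { /glob "*.*.*.*"   /type "deny"  }
  /0002 { /glob "127.0.0.1" /type "allow" }
  /0003 { /glob "10.0.1.*"  /type "allow" }
  }
"""

# Constructed weak sample: every client is allowed, which is the state that
# lets an internet client reach /dispatcher/invalidate.cache and get "OK".
WEAK_ALLOWED_CLIENTS = """
/allowedClients
  {
  /0001 { /glob "*.*.*.*" /type "allow" }
  }
"""

RULE_RE = re.compile(r'/glob\s+"([^"]+)"\s+/type\s+"(allow|deny)"')


def parse_rules(section: str) -> list[tuple[str, str]]:
    """Return (glob, type) pairs in file order."""
    return RULE_RE.findall(section)


def may_flush(client_ip: str, rules: list[tuple[str, str]]) -> bool:
    """Assumed dispatcher semantics: rules are evaluated in order and the
    last matching rule wins. With no matching rule the audit treats the
    client as allowed, so an empty or missing section is flagged."""
    decision = True
    for glob, rule_type in rules:
        if fnmatchcase(client_ip, glob):
            decision = rule_type == "allow"
    return decision


def exposes_flush_to_internet(section: str, probe_ip: str = "203.0.113.5") -> bool:
    """True when an arbitrary public address (TEST-NET-3 documentation
    range used as the probe) would be permitted to invalidate the cache."""
    return may_flush(probe_ip, parse_rules(section))
```

Run it against your own dispatcher.any: if exposes_flush_to_internet() returns True, the invalidate endpoint is reachable from outside and the external check in the replication steps above will keep returning “OK.”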

I am pleased to report that, after I reported this vulnerability to the Redicted Programme, it has been fixed.

In conclusion, it’s critical to maintain vigilance because security flaws can be present in unexpected places. We have made the internet a safer place by finding this vulnerability and responsibly sharing it. I appreciate you reading, and keep in mind that by working together, we can improve cybersecurity one discovery at a time.
