A flaw that exposed an unauthenticated script was recently found and fixed in Navarino Infinity, a maritime communications bandwidth management system used on ships with any type of satellite communication system. What was the flaw, and what types of threats did it enable?
The flaw found in Navarino Infinity version 2.2 and earlier was due to the presence of an unauthenticated web interface script left accessible by the satellite communication system.
The vulnerabilities it exposed to attackers were blind SQL injection, session fixation and authentication bypass using an alternate path. They work as follows:
- Blind SQL injection: This vulnerability doesn't require human intervention, as the attack blindly asks the database true-or-false questions and determines the answer based on the application's response. All or part of a SQL command is constructed using external input from an upstream component. Navarino Infinity doesn't neutralize, or incorrectly neutralizes, special elements that could modify the SQL command when it is sent to a downstream component.
- Session fixation attack: This vulnerability allows an attacker to find, set or hijack another person's valid session identifier, which is accepted from a query string in the URL. The web application doesn't invalidate the current session when the person is authenticated. In a simple scenario, the attacker creates a new session and records the associated session identifier while the victim authenticates against the server using the session identifier. The server accepts the session identifier as a GET parameter, not as POST data -- enabling the attacker to access the authenticated session and the victim's account.
- Authentication bypass using an alternate path: This vulnerability allows an attacker to take advantage of the alternate path that doesn't require authentication, as some functions in the URL don't require it.
When exploited, the vulnerability in the Navarino Infinity software enabled a remote, unauthenticated attacker to bypass authentication, perform administrative functions or inject malicious SQL queries. An attacker could also access data through the victim's satellite communication system installed on the target ship, exposing the ship's destinations to the attacker.
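The session fixation item above comes down to two server-side decisions: where the session identifier is read from and whether it survives login. The sketch below is an added example, not Navarino's code; the in-memory stores, the request dictionaries and all function names are constructed assumptions. It puts the behaviour described above beside a hardened login that ignores URL-supplied identifiers and issues a fresh one on authentication.

```python
import secrets

# Constructed in-memory stores; every name here is an illustrative assumption.
USERS = {"captain": "correct-horse"}   # constructed credential
SESSIONS = {}                          # session id -> {"user": name or None}

def new_session():
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": None}
    return sid

def session_id_from(request, allow_query):
    """Pick the session id; the hardened path trusts only the cookie."""
    sid = request.get("cookies", {}).get("sid")
    if sid is None and allow_query:
        sid = request.get("query", {}).get("sid")   # fixation-prone source
    return sid if sid in SESSIONS else None

def login_vulnerable(request, user, password):
    """Behaviour described above: id taken from the URL and kept after login."""
    if USERS.get(user) != password:
        return None
    sid = session_id_from(request, allow_query=True) or new_session()
    SESSIONS[sid]["user"] = user        # the pre-login id is now authenticated
    return sid

def login_hardened(request, user, password):
    """Invalidate the pre-login session and issue a fresh identifier."""
    if not secrets.compare_digest(USERS.get(user, ""), password):
        return None
    old = session_id_from(request, allow_query=False)
    SESSIONS.pop(old, None)             # drop the session that existed before login
    sid = new_session()                 # identifier no other party has seen
    SESSIONS[sid]["user"] = user
    return sid

def demo():
    """Return (vulnerable login reused the known id, hardened login did not)."""
    planted = new_session()             # id known to a third party before login
    req = {"query": {"sid": planted}, "cookies": {}}
    kept = login_vulnerable(req, "captain", "correct-horse")
    reused = kept == planted and SESSIONS[planted]["user"] == "captain"
    SESSIONS[planted]["user"] = None    # reset state for the hardened run
    fresh = login_hardened(req, "captain", "correct-horse")
    safe = fresh != planted and SESSIONS[planted]["user"] is None
    return reused, safe
```

In a real deployment the fresh identifier would be returned only in a cookie marked `HttpOnly` and `Secure`, never echoed into a URL.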
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)