Friday, March 29, 2024

Critical CloudPanel vulnerabilities endanger thousands of organizations around the world


Rapid7’s specialists smashed the security of a German virtual server management product to smithereens.

Todd Beardsley, a researcher at Rapid7, discovered last November that CloudPanel, a self-hosted web administration solution, had several security issues, including sharing the same SSL certificate private key across all installations and inadvertently overwriting firewall rules with default values. The company was notified of the vulnerabilities in a timely manner, but has managed to fix only a part of them so far.

The first problem is related to the unreliability of the “curl to bash” installation procedure, since the code is loaded without integrity checking. CloudPanel quickly fixed this issue by publishing a cryptographically secure checksum of the installation script.

The second problem is that the CloudPanel installation script resets the Uncomplicated Firewall (UFW) rules that previously existed on the server to default values, which results in a much more relaxed set of rules. In addition, the CloudPanel superuser account is left unprotected after the update, allowing potential attackers to set their own password there and take full control of the system.

Attackers would first need to find fresh installations of CloudPanel in order to exploit this vulnerability, but this was made possible by a third issue discovered by Rapid7. The vulnerability is tracked as CVE-2023-0391 and is caused by the use of a static SSL certificate across different CloudPanel installations, which allows attackers to quickly find vulnerable CloudPanel instances by the fingerprint of that certificate.

Using the Internet scanning tool Shodan, the Rapid7 expert found 5843 CloudPanel servers using the default security certificate. Most of these servers are located in the US and Germany.



Shodan Results for Vulnerable CloudPanel Servers

“By combining all the identified vulnerabilities together, an attacker can discover and exploit new instances of CloudPanel as they are deployed,” the director of research at Rapid7 explained in his report.

CloudPanel is featured prominently on the websites of cloud service providers such as AWS, Azure, GCP, and Digital Ocean, and is touted as an easy-to-use solution for administering your own Linux servers. However, since there are still no fixes for the firewall and SSL certificate issues, users are advised to reconfigure the firewall immediately after installing CloudPanel, and to generate and install their own SSL certificates. It is likely that not every company will cope with this task, especially if it does not have competent system administration personnel.
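To confirm that the certificate replacement advised above has actually been done across a fleet, an operator can group the certificates their own hosts serve by fingerprint. The following is an added example, not code from Rapid7 or CloudPanel; the host names, the sample certificates and the `KNOWN_DEFAULT` fingerprint are constructed placeholders, since the page does not give the real fingerprint.

```python
import base64
import hashlib
import ssl
from collections import defaultdict


def fingerprint(pem: str) -> str:
    """SHA-256 of the DER bytes, so PEM line wrapping does not change the result."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def audit(inventory, known_default=frozenset()):
    """inventory: host -> PEM certificate that host serves (collected by the operator).

    Returns hosts grouped under any fingerprint served by more than one host, and
    hosts whose fingerprint is in known_default (vendor-shipped certificates).
    """
    by_fp = defaultdict(list)
    for host, pem in inventory.items():
        by_fp[fingerprint(pem)].append(host)
    shared = {fp: sorted(h) for fp, h in by_fp.items() if len(h) > 1}
    default = sorted(h for fp, hs in by_fp.items() if fp in known_default for h in hs)
    return {"shared": shared, "default": default}


def constructed_pem(raw: bytes, wrap: bool = True) -> str:
    """Constructed stand-in: arbitrary bytes in a PEM wrapper, not a real certificate."""
    enc = base64.encodebytes(raw) if wrap else base64.b64encode(raw) + b"\n"
    return "-----BEGIN CERTIFICATE-----\n" + enc.decode() + "-----END CERTIFICATE-----\n"


# Constructed inventory: two hosts still serve the same installer-supplied
# certificate (one copy re-wrapped), one host has had its certificate replaced.
SHIPPED = b"constructed-shipped-certificate " * 8
SAMPLE = {
    "panel-a.example": constructed_pem(SHIPPED),
    "panel-b.example": constructed_pem(SHIPPED, wrap=False),
    "panel-c.example": constructed_pem(b"constructed-unique-certificate " * 8),
}
# Placeholder: the real shipped fingerprint is not given on the page.
KNOWN_DEFAULT = {fingerprint(SAMPLE["panel-a.example"])}

if __name__ == "__main__":
    report = audit(SAMPLE, KNOWN_DEFAULT)
    for fp, hosts in report["shared"].items():
        print(f"shared certificate {fp[:16]}...: {', '.join(hosts)}")
    print("still on shipped certificate:", ", ".join(report["default"]))
```

Any host listed under a shared fingerprint also shares its private key with every other host in that group, so each one needs a freshly generated key pair, not just a re-issued certificate.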

CloudPanel itself comments on the current situation as follows:

“We want to note that we have not yet come across a single case where a potential admin user creation vulnerability was exploited during CloudPanel installation. However, we are committed to improving this aspect of our product in order to minimize any risk to our users.

Regarding the SSL certificate issue, we provide a self-signed SSL certificate during the installation process. This will keep HTTPS connections cryptographically secure and make it more difficult for automated scans to identify vulnerable instances.

We understand that the Rapid7 report may cause concern to our users. We appreciate your patience and understanding and are working to improve the security of CloudPanel.”



Source link

www.securitylab.ru
