ISPsystem, software for managing websites and servers, was found to have a serious security vulnerability. Check Point's Aliaksandr Chailytko and Alexey Bukheyev discovered the flaw, which could have allowed attackers to take over users' websites, servers, billing data, and so on.
What led to the vulnerability?
All in a matter of minutes
In the attack scenario, Chailytko and Bukheyev emphasize how easily attackers could exploit the unnamed vulnerability. “...seed lookup by the 6-byte sequence takes at most about 20 minutes on a 16-core CPU, and this operation can easily be scaled to achieve any required speed. You can also pre-generate all 2^32 sequences and store them in a database. It requires about 1.5 TB of space to store all the generated data. After acquiring the seed and the sequence of bytes, all 6-byte sub-sequences should be applied as the possible session cookie,” they said.
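The point behind the quote is that a cookie cut from a seeded generator's output is only as unpredictable as the seed, however long the cookie is. The sketch below is an added example, not code from ISPsystem or from the Check Point write-up. It assumes Python's `random.Random` as a constructed stand-in for the generator and a seed space reduced to 12 bits so it runs instantly; `weak_cookie`, `effective_bits` and `strong_cookie` are hypothetical names.

```python
import math
import random
import secrets

COOKIE_BYTES = 6  # cookie length given in the article (48 bits on paper)


def weak_cookie(seed: int) -> bytes:
    """Constructed stand-in for the flawed design: the cookie is the first
    COOKIE_BYTES bytes of a PRNG stream that is fully fixed by `seed`."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(COOKIE_BYTES))


def effective_bits(seed_bits: int) -> float:
    """Audit helper: walk the whole seed space and count how many distinct
    cookies the generator can ever emit, expressed as bits of entropy."""
    distinct = {weak_cookie(seed) for seed in range(2 ** seed_bits)}
    return math.log2(len(distinct))


def strong_cookie(nbytes: int = 16) -> str:
    """Hardened form: session identifier drawn from the OS CSPRNG, with no
    seed that an outside party can enumerate or precompute."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    seed_bits = 12  # reduced for the demo; the article's seed space is 2^32
    print(f"nominal cookie entropy : {COOKIE_BYTES * 8} bits")
    print(f"effective entropy      : {effective_bits(seed_bits):.1f} bits")
    print(f"CSPRNG session id      : {strong_cookie()}")
```

The effective figure never exceeds the seed width, which is why a 6-byte cookie backed by a 32-bit seed can be tabulated in advance as the researchers describe.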