Vulnerability in SoftNAS Cloud allows attackers to bypass authentication
A vulnerability in SoftNAS Cloud allows attackers to completely bypass authentication when attempting to access the web-based admin interface, according to a Wednesday report from Digital Defense.
The vulnerability can be exploited "if customers have not followed SoftNAS deployment best practices and have openly exposed SoftNAS StorageCenter ports directly to the internet." That precondition sounds reassuring, but management interfaces exposed to the internet are a common misconfiguration, so the risk is far from theoretical. Successful exploitation lets attackers run arbitrary commands as root, which undermines the security of both the platform and the data stored on it.
This is far from the first time an exposed management or data service has put customer data at risk: an unsecured Elasticsearch server recently exposed customer order information and passwords for a number of China-based ecommerce websites that cater to overseas sales. As more companies move to the cloud, both cloud providers and IT professionals need to ensure systems are configured correctly so that sensitive data is protected.
According to a Digital Defense blog post, "The load balancer configuration file has a check to verify the status of a user cookie. If not set, redirects a user to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user credentials."
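The flaw as described is a presence check where a validity check was needed: the gate asks only whether the cookie exists, not whether its value was issued by the login handler. The following Python model, written for this article and not taken from SoftNAS or Digital Defense, puts the flawed check beside a corrected one. The cookie name, the route strings and the session-store design are assumptions for illustration; the advisory does not name the real cookie or say how StorageCenter's login state is stored.

```python
import hmac
import http.cookies
import secrets
from typing import Dict, Optional

# Assumed cookie name; the advisory does not give the real one.
COOKIE_NAME = "session"


def parse_cookie(cookie_header: Optional[str]) -> Optional[str]:
    """Return the value of COOKIE_NAME from a raw Cookie header, or None."""
    if not cookie_header:
        return None
    jar = http.cookies.SimpleCookie()
    try:
        jar.load(cookie_header)
    except http.cookies.CookieError:
        return None
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else None


def vulnerable_gate(headers: Dict[str, str]) -> str:
    """Models the flawed load-balancer rule: the cookie only has to be present.

    Any value at all, e.g. 'session=x', passes, so no credentials are needed.
    """
    if parse_cookie(headers.get("Cookie")) is None:
        return "redirect:/login"
    return "proxy:/admin"


class SessionStore:
    """Server-side registry of tokens issued at login (hypothetical design)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def login(self, username: str) -> str:
        # 256 bits of randomness from the OS CSPRNG; the token is the only secret.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def lookup(self, token: str) -> Optional[str]:
        # Constant-time comparison so timing does not leak which prefix matched.
        for issued, user in self._sessions.items():
            if hmac.compare_digest(issued.encode(), token.encode()):
                return user
        return None


def hardened_gate(headers: Dict[str, str], store: SessionStore) -> str:
    """Corrected rule: the cookie must carry a token the server actually issued."""
    token = parse_cookie(headers.get("Cookie"))
    if token is None or store.lookup(token) is None:
        return "redirect:/login"
    return "proxy:/admin"


if __name__ == "__main__":
    # Constructed requests: one with no cookie, one with an attacker-chosen value.
    forged = {"Cookie": "session=anything"}
    print("vulnerable, forged cookie:", vulnerable_gate(forged))   # proxy:/admin
    store = SessionStore()
    print("hardened, forged cookie:  ", hardened_gate(forged, store))  # redirect:/login
    real = store.login("admin")
    print("hardened, issued token:   ", hardened_gate({"Cookie": f"session={real}"}, store))
```

The point of the hardened version is that the edge component never decides on its own: it consults the same session state the login handler writes, so the only way to obtain a passing cookie is to authenticate. A real deployment would do this lookup in the application or via an auth subrequest rather than in a standalone dictionary, but the property being checked is the same.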
The vulnerability exists in versions 4.2.0 and 4.2.1 of SoftNAS StorageCenter and has been patched as of 4.2.2. Users can install the update manually through the Software Update menu in the SoftNAS appliance web interface, which is, somewhat ironically, the vulnerable component; until the update is applied, that interface should not be reachable from the internet, in line with the deployment guidance the advisory cites.
Digital Defense stated that "The engineers at SoftNAS are to be commended for their prompt response to the identified flaw and their team's work with VRT to provide prompt fixes for this cyber security issue."