Lots to learn, clearly explained in plain English… listen now! (Full transcript inside.)Read More
Related Posts
Critical GitHub Enterprise Server Flaw Allowed Attackers to Bypass Authentication
Critical GitHub Enterprise Server Flaw Allowed Attackers to Bypass Authentication
A critical vulnerability was discovered in the GitHub Enterprise Server that could allow attackers to completely bypass authentication and gain unauthorized access to repositories and sensitive data.
The flaw tracked as CVE-2024-4985 has a CVSS severity score of 10.0, the highest possible.
GitHub Enterprise Server Flaw
The vulnerability exists in the SAML SSO authentication process of GitHub Enterprise Server versions 3.9.14/3.10.11/3.11.9/3.12.3.
It allows an attacker to send a specially crafted SAML response that would be accepted by the server even if the digital signature is invalid.
ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service
This enables the attacker to spoof any user’s identity, including admins, and access their private repositories and data. The root cause was a logic error in how SAML responses were validated.
The server checked that a SAML response was digitally signed but failed to properly verify that the signature was valid and matched the identity provider’s certificate.
Therefore, attackers could craft SAML assertions using any certificate to gain access.GitHub has published a security advisory and released patched versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4, which contain a fix.
There are currently no reports of this vulnerability being exploited in the wild. However, all GitHub Enterprise Server instances should be updated immediately.
Mitigations
Upgrade GitHub Enterprise Server to a patched version (3.9.15, 3.10.12, 3.11.10, and 3.12.4 or newer)
If unable to immediately upgrade, enable SAML certificate pinning as a temporary mitigation
Audit access logs for suspicious authentication activity from unknown IP addresses
Rotate all credentials and SSH keys if you suspect unauthorized access has occurred
This severe flaw underscores the critical importance of robust input validation and security testing, especially for widely used platforms that store sensitive data like source code.
Organizations should keep their the GitHub Enterprise Server and other key systems updated to protect against potential breaches and data theft.
Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers
The post Critical GitHub Enterprise Server Flaw Allowed Attackers to Bypass Authentication appeared first on Cyber Security News.
A week in security (December 25 – December 31)
A week in security (December 25 – December 31)
Last week on Malwarebytes Labs:
How to recognize AI-generated phishing mails
How ransomware operators try to stay under the radar
The top 4 ransomware gang failures of 2023
Have a safe 2024!
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
Malwarebytes