
Vulnerability in Apache Pulsar allowed manipulator-in-the-middle attacks

A newly-discovered vulnerability in Apache Pulsar allows a remote attacker to carry out a manipulator-in-the-middle (MitM) attack due to improper certificate validation.

Apache Pulsar is a distributed, open source solution for server-to-server messaging and queuing built on the publisher-subscribe pattern.

It’s used by thousands of companies for high-performance data pipelines, microservices, instant messaging, data integrations, and more, managing hundreds of billions of events per day.

But a delay in the TLS hostname verification process in the Pulsar Java Client and the Pulsar Proxy, discovered by Michael Marshall of cloud database-as-a-service firm DataStax, leaves each client vulnerable to a MitM attack.

The vulnerability isn’t specific to the Pulsar protocol; it stems from a weakness in the way TLS hostname verification is applied, which means that hostname verification is not enforced at the point where it matters.

The Pulsar Java Client sends its client certificate as part of its client authentication step, while the Pulsar Proxy sends its server certificate as part of its authentication step.

However, authentication data is sent before verifying that the server’s TLS certificate matches the hostname, meaning that authentication data could be exposed to an attacker.

Attack method

To take advantage of this vulnerability, an attacker would need to take control of a machine between the client and the server. They would then have to actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host.

And because the client sends authentication data before performing the hostname verification, it would be possible for the attacker to gain access to the client’s authentication data.

When the client eventually verifies the hostname and finds that the target hostname does not match any name on the certificate, it closes the connection, but by then the authentication data has already been sent.

This means that the value of the intercepted authentication data to the attacker depends on the authentication method the client uses: token-based and username/password methods are left vulnerable because the captured data can be used to impersonate the client in a separate session.
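The ordering problem described above, as an added illustration that is not Pulsar's own code: a small model in which a client either sends its token before or after checking that the presented certificate's names match the host it dialled. The hostname matcher follows the usual DNS-ID rules (case-insensitive exact match, or a wildcard that is the whole leftmost label and covers exactly one label); the `ServerCert`, `Transcript`, `vulnerable_client` and `fixed_client` names and the hostnames and token value are constructed for the example.

```python
# Added example (not Apache Pulsar code): model of the check ordering that
# exposes authentication data to an on-path party presenting a certificate
# that is valid, just for an unrelated host.
from dataclasses import dataclass, field


@dataclass
class ServerCert:
    """Only the part of a certificate that hostname verification looks at."""
    subject_alt_names: list


@dataclass
class Transcript:
    """What an on-path observer would see during one connection attempt."""
    auth_exposed: bool = False
    connected: bool = False
    events: list = field(default_factory=list)


def hostname_matches(pattern, hostname):
    """RFC 6125-style DNS-ID comparison.

    '*.example.com' matches 'a.example.com' but not 'a.b.example.com' or
    'example.com'; partial wildcards such as 'a*.example.com' are refused.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # The wildcard must be the entire leftmost label, and patterns as broad
    # as '*' or '*.com' are rejected outright.
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_matches_host(cert, hostname):
    return any(hostname_matches(n, hostname) for n in cert.subject_alt_names)


def vulnerable_client(target_host, presented_cert, token):
    """Order used by the affected versions: chain accepted, credentials sent,
    hostname checked only afterwards."""
    t = Transcript()
    t.events.append("tls: certificate chain accepted")
    t.events.append("auth: token sent: " + token)  # goes to whoever presented the cert
    t.auth_exposed = True
    if cert_matches_host(presented_cert, target_host):
        t.connected = True
    else:
        t.events.append("tls: hostname mismatch, closing")
    return t


def fixed_client(target_host, presented_cert, token):
    """Correct order: send nothing until the presented certificate is valid
    for the host that was dialled."""
    t = Transcript()
    t.events.append("tls: certificate chain accepted")
    if not cert_matches_host(presented_cert, target_host):
        t.events.append("tls: hostname mismatch, closing before auth")
        return t
    t.events.append("auth: token sent: " + token)
    t.auth_exposed = True
    t.connected = True
    return t


# Constructed scenario: the client dials the real broker name while an
# on-path party presents a certificate that is genuine, but for another host.
TARGET = "broker.pulsar.example.com"
UNRELATED_CERT = ServerCert(subject_alt_names=["*.other.example"])
GENUINE_CERT = ServerCert(subject_alt_names=["*.pulsar.example.com"])
TOKEN = "CONSTRUCTED-TOKEN"


def demo():
    """Run the three cases and return their transcripts keyed by name."""
    return {
        "vulnerable_vs_unrelated": vulnerable_client(TARGET, UNRELATED_CERT, TOKEN),
        "fixed_vs_unrelated": fixed_client(TARGET, UNRELATED_CERT, TOKEN),
        "fixed_vs_genuine": fixed_client(TARGET, GENUINE_CERT, TOKEN),
    }


if __name__ == "__main__":
    for name, t in demo().items():
        print(name, "exposed" if t.auth_exposed else "not exposed",
              "connected" if t.connected else "closed")
        for e in t.events:
            print("   ", e)
```

In the vulnerable case the connection is still closed once the mismatch is detected, which is why the failure is easy to miss in testing: the session never succeeds, yet the token has already left the client. The fixed ordering closes before any application data is sent, and the genuine certificate still connects normally.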

The vulnerability, rated medium severity, affects Apache Pulsar Java Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; and 2.6.4 and earlier.

Users are advised to upgrade to unaffected versions – 2.7.5, 2.8.4, 2.9.3, 2.10.1, or higher – and to rotate vulnerable authentication data, including tokens and passwords.

DataStax says it has alerted its customers to the flaw. “The Pulsar security issues have already been fixed for the DataStax Luna Streaming offering and will be in an update to our Astra Streaming service soon,” says a spokesperson.

Source: https://portswigger.net/daily-swig/vulnerability-in-apache-pulsar-allowed-manipulator-in-the-middle-attacks
