Rocket.Chat is one of the most popular open-source solutions for team communication, written in JavaScript and TypeScript. It has more than 12 million users worldwide, and over 800,000 deployed server instances are used to exchange confidential information and files. My security research team and I discovered critical vulnerabilities in its source code that could have been used by an attacker to take complete control over a server, starting with as little as any user's email address.

In this blog post, I investigate these vulnerabilities by first taking a quick look at NoSQL databases, then explaining what injections look like in that context. I then analyze the vulnerabilities we found and how they can be chained into an exploit. Finally, I give advice on how to prevent such bugs in your applications.

Impact

During the analysis of Rocket.Chat 3.12.1 we found two NoSQL Injection vulnerabilities. These can allow attackers to escalate their privileges, execute arbitrary system commands on the host server, and steal confidential user data and chat messages. Both vulnerabilities are fixed in version 3.13.2 and backported to older branches in versions 3.12.4 and 3.11.4.

To attack a Rocket.Chat instance, an attacker either needs an account or has to know the email address of any user that has two-factor authentication (2FA) disabled. Some open source communities use public Rocket.Chat instances with open registration, which would be vulnerable. In other scenarios, it can be easy to guess or find email addresses of users.

We found two NoSQL Injection vulnerabilities in two separate components. Each one can be used on its own to take over an admin account, but they use different injection approaches, making it interesting to see both. Combining them into a chain makes an attack less likely to be detected.

MongoDB is a popular document-oriented database and falls into the category of NoSQL databases. It consists of collections and documents, which are the respective equivalents of tables and rows in a relational database. Each document has a JSON-like structure with keys and values on multiple hierarchical levels. A document that represents a user could look like this:

A classic injection in this scenario occurs when a program expects a certain user-provided value to be a string, but it can also be an object. This happens often when user input comes in JSON format. In such a case, an attacker can for example bypass a login by specifying an object as the password parameter which contains an operator expression that is always true, like

= require('child_process')

This concludes the exploit chain, starting with just the email address of a regular user and ending with the capability to execute arbitrary commands on the server. It shows the dangers of NoSQL Injection vulnerabilities and how important it is to validate all user inputs. Vulnerabilities like the first one are easy to fix.

This article describes the step-by-step instructions for integrating your Rocket.Chat with LigeroSmart. With this, incoming chats through Rocket.Chat's Omnichannel will automatically create calls on your LigeroSmart the moment the chat starts, including sending an automatic message to the chat client with the created ticket number, regardless of whether it was created by web chat, Facebook Messenger, WhatsApp or any other Rocket Omnichannel channel.
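As an added example (not code from the Rocket.Chat project or from the original post), here is the kind of input validation a login handler can run on a JSON body before any value reaches a MongoDB query: each credential must be a plain string, and no nested key may begin with `$`, the prefix MongoDB reserves for query operators. The function names and the `{ email, password }` body shape are assumptions.

```javascript
// Added example: reject JSON login bodies that could smuggle MongoDB
// operator objects into a query. Names and body shape are assumptions,
// not Rocket.Chat's code.

// Recursively report whether any key in a value starts with '$', the prefix
// MongoDB reserves for query operators (comparison expressions and the like).
function containsOperatorKey(value) {
  if (Array.isArray(value)) return value.some(containsOperatorKey);
  if (value !== null && typeof value === 'object') {
    return Object.keys(value).some(
      (k) => k.startsWith('$') || containsOperatorKey(value[k]),
    );
  }
  return false;
}

// Validate a login body of the assumed shape { email, password }. Returns a
// list of problems; an empty list means the body is safe to build a query from.
function validateLoginBody(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return ['body must be a JSON object'];
  }
  const errors = [];
  for (const field of ['email', 'password']) {
    // typeof rejects objects and arrays, which is exactly the injection vector:
    // a value the code expects to be a string but that arrives as an object.
    if (typeof body[field] !== 'string') errors.push(`${field} must be a string`);
  }
  if (containsOperatorKey(body)) errors.push('operator keys are not allowed');
  return errors;
}

// Only build the MongoDB filter once validation has passed. The filter selects
// the user by email alone; the (now guaranteed string) password is returned
// separately so the caller compares it against the stored hash rather than
// matching it inside the query.
function buildLoginQuery(body) {
  const errors = validateLoginBody(body);
  if (errors.length > 0) {
    throw new Error(`rejected login body: ${errors.join('; ')}`);
  }
  return { filter: { email: body.email }, password: body.password };
}
```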