Sunday, September 8, 2024
Homecyber security0.0.0.0 Day – 18 Yr Old Vulnerability Allow Attackers to Bypass All...

0.0.0.0 Day – 18 Yr Old Vulnerability Allow Attackers to Bypass All Browser Security

Published on

Threat actors often target and exploit security flaws in web browsers, as exploiting flaws in web browsers enables them to gain unauthorized access and perform several illicit activities.

Not only that, threat actors also get a wide attack surface with minimal effort by exploiting the security flaws in browsers.

Cybersecurity researchers at Oligo Security’s research team recently discovered 0.0.0.0 day, an 18-year-old vulnerability that enables attackers to bypass all browser security.

- Advertisement - EHA

Technical Analysis

It’s a major security problem affecting all popular web browsers (Chromium, Firefox, and Safari) that allows external websites to interface with software that is being run locally on macOS and Linux.

The vulnerability known as “ow.night” was caused due to the fact that the security mechanisms were implemented in different ways depending on what browser was used and the lack of any uniform standards in this industry.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access

This vulnerability allows malicious websites to bypass browser security and communicate with the organization’s local network services which could lead to unauthorized access by hackers who are outside of its network and remote code execution upon these local services.

Consequently, using a rather harmless 0.0.0.0 IP address, attackers can target the local services for development purposes, and operating systems among others including internal networks.

While this vulnerability was again shown to be urgent by the recent discovery of active campaigns of ShadowRay.

Oligo researchers have shared their findings with the security teams for all major browsers and the browser vendors recognized the security problem.

The 18-year-old bug report, still Open (Source – Oligo)

Related standard modifications are being processed and some browser-level mitigations that will not accept 0.0.0.0 addresses are planned to be activated soon.

However, due to its complexity as well as lack of any finalized standard, this vulnerability still remains under attack in between allowing external websites access services on localhost.

This shows the need for a common browser industry standard that can address this fundamental security flaw and protect users and organizations from potential “0.0.0.0 Day.”

This critical flaw allowed public websites to override browser protections and access local network services, which can result in remote code execution.

At first, the vulnerability was caused by the Private Network Access (PNA) standard, which does not consider 0.0.0.0 as a private IP address.

Relationship between public, private, local networks in Private Network Access (Source – Oligo)

This deletion allowed hackers to use public domains for reaching local resources and, at the same time, skip the restrictions of CORS and exploit flaws in Ray frameworks or Selenium Grid as well as PyTorch TorchServe that were installed on localhost.

The researchers provided an example of unauthorized access and control of these local applications using only one HTTP request showing how essential it is to ensure a comprehensive standardized approach to secure local network access.

It is incredible how their disclosure helped with fixing this vulnerability in various browsers consequently demonstrating how responsible disclosure aids in internet security improvement.

Recommendations

Here below we have mentioned all the recommendations:-

  • Implement PNA headers.
  • Verify HOST headers to prevent DNS rebinding.
  • Add authorization layers for localhost.
  • Use HTTPS.
  • Implement CSRF tokens.
  • Remember browsers route to internal IPs.

Download Free Cybersecurity Planning Checklist for SME Leaders (PDF) – Free Download

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...